* Rob <[EMAIL PROTECTED]> [2008-07-11 00:23]: > There's a story today about several linux distros and how they're > vulnerable to a number of attacks based on their distributed package > management infrastructure: > > http://www.cs.arizona.edu/people/justin/packagemanagersecurity/attacks-on-package-managers.html Thanks for the link; I'll have a look.
> This lead me to think, i don't believe opensolaris/indiana does any > sort of package signing does it? Nor does it utilize SSL for > communication for client<->server communications? > > Do you guys think this could be a serious issue in the future? We know that we have work to do in both these areas. (The client supports HTTPS connections, but doesn't presently validate the server's certificate, so that's insufficient.) - Stephen -- [EMAIL PROTECTED] http://blogs.sun.com/sch/ _______________________________________________ indiana-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/indiana-discuss
