> Perhaps I did not state this clearly enough. The majority of cases
> I run across are caused by an entirely unnecessary dependancy to
> a version of libc6 which isn't in any way required for the package
> in question. Yes, one can fix this manually. Every time, for every
> package. Which naturall
> Perhaps I did not state this clearly enough. The majority of cases
> I run across are caused by an entirely unnecessary dependancy to
> a version of libc6 which isn't in any way required for the package
> in question. Yes, one can fix this manually. Every time, for every
> package. Which naturall
On Sat, Nov 30, 2002 at 01:56:53PM +0100, Adrian Phillips wrote:
> > "Dale" == Dale Amon <[EMAIL PROTECTED]> writes:
> Dale> I've a general issue along those lines. There are often
> Dale> tools I'd like to install but most packages specify >= a
> Dale> version of libc6 even when th
On Sat, Nov 30, 2002 at 01:56:53PM +0100, Adrian Phillips wrote:
> > "Dale" == Dale Amon <[EMAIL PROTECTED]> writes:
> Dale> I've a general issue along those lines. There are often
> Dale> tools I'd like to install but most packages specify >= a
> Dale> version of libc6 even when th
> "Dale" == Dale Amon <[EMAIL PROTECTED]> writes:
Dale> I've a general issue along those lines. There are often
Dale> tools I'd like to install but most packages specify >= a
Dale> version of libc6 even when the package would basically run
Dale> with any libc that ever existed.
> On Saturday 30 November 2002 12:28, Fred Bowman wrote:
> That's true but, if you're trojaning a package, you might as well create
> a new keypair with the same name an address as the original, and many,
> if not most, will not see the difference. It's just a speed bump.
I thought debian-keyr
On Saturday 30 November 2002 12:28, Fred Bowman wrote:
> Benjamin Schulz schrieb:
> >>how can i proof, that the package is ok? md5sum is not
> >> satisfactory.
> >
> > why not?
>
> imagine that a package, which is provided on a server, is manipulated
> (trojan). there would be no problem for the ba
Benjamin Schulz schrieb:
how can i proof, that the package is ok? md5sum is not satisfactory.
why not?
imagine that a package, which is provided on a server, is manipulated
(trojan). there would be no problem for the bad guy to manipulate the
md5sum, too (if provided on the same server).
> "Dale" == Dale Amon <[EMAIL PROTECTED]> writes:
Dale> I've a general issue along those lines. There are often
Dale> tools I'd like to install but most packages specify >= a
Dale> version of libc6 even when the package would basically run
Dale> with any libc that ever existed.
> On Saturday 30 November 2002 12:28, Fred Bowman wrote:
> That's true but, if you're trojaning a package, you might as well create
> a new keypair with the same name an address as the original, and many,
> if not most, will not see the difference. It's just a speed bump.
I thought debian-keyr
On Saturday 30 November 2002 12:28, Fred Bowman wrote:
> Benjamin Schulz schrieb:
> >>how can i proof, that the package is ok? md5sum is not
> >> satisfactory.
> >
> > why not?
>
> imagine that a package, which is provided on a server, is manipulated
> (trojan). there would be no problem for the ba
Benjamin Schulz schrieb:
how can i proof, that the package is ok? md5sum is not satisfactory.
why not?
imagine that a package, which is provided on a server, is manipulated
(trojan). there would be no problem for the bad guy to manipulate the
md5sum, too (if provided on the same server).
12 matches
Mail list logo
