Re: code injection in packages.debian.org

2006-12-15 Thread Christian Boltz
xed *right*now* then I
> think the only sensible option is to remove the md5sum information
> from the download page altogether and put it in the packages page
> with the autogenerated content in a cell next to "Installed size".

Sounds lik

Re: code injection in packages.debian.org

2006-12-11 Thread Christian Boltz
Hello,

On 11 December 2006 18:51, Javier Fernández-Sanguino Peña wrote:
> On Mon, Dec 11, 2006 at 04:57:30PM +0100, Christian Boltz wrote:

[please CC me in replies, I'm not subscribed]

> > it's easy to do some code injection in packages.debian.org:
> > This is

code injection in packages.debian.org

2006-12-11 Thread Christian Boltz
p://files.opensuse.org/opensuse/en/f/ff/Opensuse-green.png";>&arch=i386&type=main

*SCNR*

One could also "just" inject wrong MD5SUMs easily...

Proposed solution: Please read the MD5SUM from a file or database instead of a URL parameter ;-)

Regards,
Christian Boltz
-- Fontl