On Sun, Dec 16, 2012 at 18:12:13 +0100, Reindl Harald <h.rei...@thelounge.net> wrote:
nothing easier as to point you to another repo with /etc/hosts if something goes wrong on your machine - it is enough if you are ONE TIME ente your root-password in the wrong dialog and after pointing you to a modified repo you get a backdoor installed which you can not detect if it is done well by filter output of lsof, ps and whatever tools you think are helping you in such cased
At that point it is game over and a signed upgrade process isn't going to help.
who makes you believe repos are always trustable for sure and no ssh-keys of maintainers are lost and misued? it happened not so long ago to the fedora infrastructure (google is your friend)
That is a different risk than the one that started this conversation. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
