Weird downloading problem
Mauricio Teixeira
mteixeira at webset.net
Sat Feb 16 01:59:10 PST 2008
On 02/16/2008 03:49 AM, Patryk Zawadzki wrote:
> I highly doubt that the files could be changed while keeping the same
> name. We are talking about real repos here. The only thing that could
> happen would be signing them with GPG keys. Can't smart just continue
> with a warning instead of dying? If the file is bad, rpm will
> complain.
Consider this a "security feature": if the file is different than what
the metadata says, it's possible that someone hacked into the server and
overwrote the file, or you could even have a man-in-the-middle attack.
In any case, rpm would never complain (as the file could be fine, but
contain a backdoor, for example).
--
% Mauricio Teixeira (netmask) | Sao Paulo/SP/BR %
% mteixeira{a}webset{d}net | http://smartpm.org %
% http://mteixeira.webset.net | http://pmping.sf.net %
NOTE: This is my personal e-mail account. I do NOT use
it to speak for my employer or any of my co-workers.
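
The check discussed in this message, as an added example that is not part of the original post and is not Smart's own code: a replaced file that is internally well-formed passes a format-only check but fails comparison against the repository metadata. The toy package format, the function names, the file name and the use of SHA-256 are assumptions made for illustration.

```python
import hashlib
import hmac


class MetadataMismatch(Exception):
    """Downloaded bytes differ from what the repository metadata promised."""


def build_package(payload: bytes) -> bytes:
    # Constructed toy format: hex SHA-256 of the payload, newline, payload.
    # It stands in for a package's unsigned internal digest.
    return hashlib.sha256(payload).hexdigest().encode() + b"\n" + payload


def self_check(blob: bytes) -> bool:
    # Internal consistency only: anyone who rebuilds the file can satisfy it.
    digest, _, payload = blob.partition(b"\n")
    expected = hashlib.sha256(payload).hexdigest().encode()
    return hmac.compare_digest(digest, expected)


def verify_download(blob: bytes, meta: dict) -> bytes:
    # Fail closed: both size and digest must match the repository metadata.
    if len(blob) != meta["size"]:
        raise MetadataMismatch(f"{meta['name']}: size differs from metadata")
    actual = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(actual, meta["sha256"]):
        raise MetadataMismatch(f"{meta['name']}: digest differs from metadata")
    return blob


# Constructed sample data: the file published when the metadata was generated,
# and a later file with the same name but different content.
ORIGINAL = build_package(b"echo installing tool 1.0\n")
REPLACED = build_package(b"echo installing tool 1.0; echo extra\n")
METADATA = {"name": "tool-1.0-1.noarch.rpm", "size": len(ORIGINAL),
            "sha256": hashlib.sha256(ORIGINAL).hexdigest()}


def demo() -> dict:
    # Maps label -> (passes format-only check, accepted against metadata).
    results = {}
    for label, blob in (("original", ORIGINAL), ("replaced", REPLACED)):
        try:
            verify_download(blob, METADATA)
            accepted = True
        except MetadataMismatch:
            accepted = False
        results[label] = (self_check(blob), accepted)
    return results


if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the metadata itself, so the metadata has to reach the client authenticated, for example through a GPG signature.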