[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: download versie 2.12
From: |
Han-Wen Nienhuys |
Subject: |
Re: download versie 2.12 |
Date: |
Tue, 31 Mar 2009 11:14:43 -0300 |
On Tue, Mar 31, 2009 at 10:33 AM, Graham Percival
<address@hidden> wrote:
> On Mon, Mar 30, 2009 at 04:51:36PM -0300, Han-Wen Nienhuys wrote:
>> It would be trivial, but as the md5sums would be autogenerated, so it
>> does not buy any protection against anything.
>
> I wouldn't say that. It would provide notification of a botched
> download (if anybody checks it), or notification of a very
> sophisicated man-in-the-middle attack whereby somebody attempts to
> hack a system by modifying lilypond tarballs. In order to gain a
> local-user account.
For the modifying tarballs version, the attacker could also change de
MD5s as the webpages and the binaries are hosted on the same server.
--
Han-Wen Nienhuys - address@hidden - http://www.xs4all.nl/~hanwen
- download versie 2.12, dirk van der eerden, 2009/03/29
- Re: download versie 2.12, Jan Nieuwenhuizen, 2009/03/30
- Re: download versie 2.12, Patrick McCarty, 2009/03/30
- Re: download versie 2.12, Han-Wen Nienhuys, 2009/03/30
- Re: download versie 2.12, Graham Percival, 2009/03/31
- Re: download versie 2.12,
Han-Wen Nienhuys <=
- Re: download versie 2.12, Graham Percival, 2009/03/31
- Re: download versie 2.12, Simon Dahlbacka, 2009/03/31
- Re: download versie 2.12, Jan Nieuwenhuizen, 2009/03/31
- Re: download versie 2.12, Trevor Daniels, 2009/03/31
- Re: download versie 2.12, Francisco Vila, 2009/03/31
- Re: download versie 2.12, Trevor Daniels, 2009/03/31