From rpm-list-admin@freshrpms.net  Wed Oct  9 10:50:56 2002
Return-Path: <rpm-zzzlist-admin@freshrpms.net>
Delivered-To: zzz@localhost.spamassassin.taint.org
Received: from localhost (jalapeno [127.0.0.1])
	by spamassassin.taint.org (Postfix) with ESMTP id 4107516F17
	for <zzz@localhost>; Wed,  9 Oct 2002 10:49:47 +0100 (IST)
Received: from jalapeno [127.0.0.1]
	by localhost with IMAP (fetchmail-5.9.0)
	for zzz@localhost (single-drop); Wed, 09 Oct 2002 10:49:47 +0100 (IST)
Received: from egwn.net (auth02.nl.egwn.net [193.172.5.4]) by
    dogma.slashnull.org (8.11.6/8.11.6) with ESMTP id g98N4MK05876 for
    <zzz-rpm@spamassassin.taint.org>; Wed, 9 Oct 2002 00:04:23 +0100
Received: from auth02.nl.egwn.net (localhost [127.0.0.1]) by egwn.net
    (8.11.6/8.11.6/EGWN) with ESMTP id g98Mu1f15217; Wed, 9 Oct 2002 00:56:01
    +0200
Received: from evv.kamakiriad.local (cable-b-36.sigecom.net
    [63.69.210.36]) by egwn.net (8.11.6/8.11.6/EGWN) with ESMTP id
    g98Msxf14601 for <rpm-list@freshrpms.net>; Wed, 9 Oct 2002 00:55:00 +0200
Received: from aquila.kamakiriad.local (aquila.kamakiriad.local
    [192.168.1.3]) by kamakiriad.com (8.11.6/8.11.6) with SMTP id g98MsoP12267
    for <rpm-list@freshrpms.net>; Tue, 8 Oct 2002 17:54:51 -0500
From: Brian Fahrlander <kilroy@kamakiriad.com>
To: rpm-zzzlist@freshrpms.net
Subject: Apt repository authentication: it's time
Message-Id: <20021008175452.581c0e50.kilroy@kamakiriad.com>
X-Mailer: Sylpheed version 0.8.5 (GTK+ 1.2.10; i386-redhat-linux)
X-Message-Flag: : Shame on you!  You know Outlook is how viruses are spread!
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Mailscanner: Found to be clean, Found to be clean
Sender: rpm-zzzlist-admin@freshrpms.net
Errors-To: rpm-zzzlist-admin@freshrpms.net
X-Beenthere: rpm-zzzlist@freshrpms.net
X-Mailman-Version: 2.0.11
Precedence: bulk
Reply-To: rpm-zzzlist@freshrpms.net
List-Help: <mailto:rpm-zzzlist-request@freshrpms.net?subject=help>
List-Post: <mailto:rpm-zzzlist@freshrpms.net>
List-Subscribe: <http://lists.freshrpms.net/mailman/listinfo/rpm-zzzlist>,
    <mailto:rpm-list-request@freshrpms.net?subject=subscribe>
List-Id: Freshrpms RPM discussion list <rpm-zzzlist.freshrpms.net>
List-Unsubscribe: <http://lists.freshrpms.net/mailman/listinfo/rpm-zzzlist>,
    <mailto:rpm-list-request@freshrpms.net?subject=unsubscribe>
List-Archive: <http://lists.freshrpms.net/pipermail/rpm-zzzlist/>
X-Original-Date: Tue, 8 Oct 2002 17:54:52 -0500
Date: Tue, 8 Oct 2002 17:54:52 -0500


    Cliped from the latest CERT.org warning list:

-----------------------------------------------------------------------------------------------
"I. Description

   The  CERT/CC  has received confirmation that some copies of the source
   code  for  the  Sendmail  package have been modified by an intruder to
   contain a Trojan horse.

   The following files were modified to include the malicious code:

     sendmail.8.12.6.tar.Z
     sendmail.8.12.6.tar.gz

   These  files  began  to  appear  in  downloads  from  the  FTP  server
   ftp.sendmail.org  on  or  around  September  28,  2002.  The  Sendmail
   development  team  disabled  the  compromised FTP server on October 6,
   2002  at  approximately  22:15  PDT.  It  does  not appear that copies
   downloaded  via  HTTP contained the Trojan horse; however, the CERT/CC
   encourages  users  who  may  have  downloaded the source code via HTTP
   during  this  time  period  to take the steps outlined in the Solution
   section as a precautionary measure."

     OK, it's now time to work out the PGP securing of apt repository traffic. I've never gotten anything but "sitename.whatever will not be authenticated" until running Redhat 8.0 when I get something about having "No Key" for various files.

    What's it take to ensure we're covered against this kind of childish/moronic/Microsoft-era problems?
 
------------------------------------------------------------------------
Brian Fahrlnder              Linux Zealot, Conservative, and Technomad
Evansville, IN                    My Voyage: http://www.CounterMoon.com
ICQ  5119262
------------------------------------------------------------------------
angegangen, Schlange-Hften, sein es ganz rber jetzt. Bgel innen fest,
weil es eine lange, ssse Fahrt ist. 

_______________________________________________
RPM-List mailing list <RPM-List@freshrpms.net>
http://lists.freshrpms.net/mailman/listinfo/rpm-list


