[ILUG] Ximian on Debian Potato
Jerry Walsh
jerry at aardvark.ie
Thu Apr 26 11:04:01 IST 2001
The entry in /etc/hosts just means you're prone from DNS poisoning - I
still wouldn't call it trusted considering there's no actual way of
authenticating that the code hasn't been tampered with, there's no way of
telling its the real code you got and not some evil shell script which was
put in place by some 3l33t h4x0r. It's not signed, it's not verified by
some sort of checksum, it's EVIL!
Jerry.
At 10:53 26/04/01 +0100, you wrote:
>On Thu, Apr 26 2001 at 10:43AM, Jerry Walsh(jerry at aardvark.ie) wrote:
>: That has got to be one of the scariest things i've ever seen!
>:
>: You run untrusted code without even reviewing it..
>:
>: Please don't tell me this is done as root
>:
>: Jerry.
>:
>: At 10:37 26/04/01 +0100, you wrote:
>: >lynx -source http://go-gnome.com | /bin/sh
>
>1. Review it all you like.. I'm not stopping you. I'm simply quoting the
> "installation instructions" ximian had on their page up until about a
> week ago.
>2. It's coming from a trusted source (set in my /etc/hosts for that
> tamper-proof sheen). It's about as secure as actually installing the
> software.
>3. Running X in a secure environment isn't a *great* idea anyway.
>
>- John
>
>--
>Irish Linux Users' Group: ilug at linux.ie
>http://www.linux.ie/mailman/listinfo/ilug for (un)subscription information.
>List maintainer: listmaster at linux.ie
More information about the ILUG
mailing list