This is going off track, the go-gnome installer is insecure it makes no
attempt to BE secure.
The bottom line, if i'd the option of using the pipe script to root shell
option and the port option i'd choose the latter simply because it's more
secure. that's the bottom line, that's what i've been pointing out since
the beginning. Nothing is totally secure and pointing out weaknesses in
methods and how to defeat them proves nothing.
Oh and BTW, package dist. files are separate from the port files.
Thanks for your time !
At 12:34 26/04/01 +0100, you wrote:
> >>>>> "JW" == Jerry Walsh <jerry at aardvark.ie> writes:
>> JW> With this go-gnome.sh you pass it directly to a root shell, no
> JW> checks no nothing
> >> Same as with debs, RPMs or indeed ports from the collection.
>> JW> uhm... no.
>>I've previously explained why this is so. Anyone but a complete moron
>will alter the md5sums stored in the compromised package archive to
>match the altered packages.
>> JW> Checksums aren't just used to check if the package is damaged,
> JW> they're used to check if the contents of the file is what it
> JW> should be.
>>When the checksums are stored in the same location as the packages,
>they are useless as an anti-tampering device since a compromised
>archive means that EVERYTHING is compromised, checksums included.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!