[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gNewSense-users] gNewSense Servers Safe

From: Matthew Flaschen
Subject: Re: [gNewSense-users] gNewSense Servers Safe
Date: Thu, 01 Jan 2009 16:31:26 -0500
User-agent: Thunderbird (X11/20081125)

Ted Smith wrote:
> On Thu, 2009-01-01 at 17:49 +0800, Koh Choon Lin wrote:
>>>> I noted in recent times, servers for distro like Fedora and Debian
>>>> were compromised by hackers. Are there some measures taken for
>>>> gNewSense after those incidents?
>> I actually meant to ask how the servers hosting gNewSense are
>> protected to insure against rootkits being inserted into the
>> distribution stream.
> Well, all packages are PGP-signed, the preferred distribution method of
> the LiveCDs is BitTorrent (which is un-rootkitable), and the liveCD's
> available for direct download are MD5sum'd (and the MD5sums are
> PGP-signed).

I agree.  The only things that really matter are:

1. Using a secure hash (e.g. SHA-256).
2. Keeping the GPG key secure.
3. Signing the hashes.

Matt Flaschen

reply via email to

[Prev in Thread] Current Thread [Next in Thread]