Re: Spyware in Octave
From: David Bateman
Subject: Re: Spyware in Octave
Date: Fri, 19 Sep 2008 09:34:30 +0200
User-agent: Thunderbird 2.0.0.16 (X11/20080725)

Rob Mahurin wrote:
> I agree the most likely explanation is a false detection. But I
> haven't seen in this discussion any way to verify that
>
> 1. the octave-forge installer is the same file uploaded in May
>    (Bruce installed his version a week or so after the upload)
> 2. the "suspicious" binaries are the same binaries carried by the
>    installer
>
> If both of these are true, and the false detection is on a file from
> the Octave project, it would be good PR to try and avoid the problem
> in the windows release of 3.0.2.

This all comes down to a question of trust, and in the end you have to
trust someone. Imagine that we put the MD5 sum of the binary on the
octave-forge pages so that they might be checked. In fact for the
octave-forge source packages such a file already exists in

http://octave.sourceforge.net/packages.md5

This file exists mainly to identify if a package release is newer
than the version you already have installed and was supposed to be part
of an eventual implementation of a "pkg upgrade" command.

So adding the binaries to this file would probably make sense. However,
the website and the above file are both hosted by sourceforge. The
binary is as well. Therefore saying that the binary is the same as
uploaded at such and such a date as the MD5 sum agrees is problematic as
someone who is able to alter the binary is also capable of altering the
webpage or file with the MD5 sums as well.

So yes it gives a bit more protection. However that protection is
largely illusory. If it makes people happier then sure why not publish
the MD5 sums.

Regards
David
--
David Bateman address@hidden
Motorola Labs - Paris +33 1 69 35 48 04 (Ph)
Parc Les Algorithmes, Commune de St Aubin +33 6 72 01 06 33 (Mob)
91193 Gif-Sur-Yvette FRANCE +33 1 69 35 77 01 (Fax)
The information contained in this communication has been classified as:
[x] General Business Information
[ ] Motorola Internal Use Only
[ ] Motorola Confidential Proprietary
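
The trust problem described in the message above, as an added example that is not part of the original e-mail or of the Octave project's code: a download is checked against a checksum file hosted beside it and against a digest recorded through an independent channel. Assumptions: the manifest uses an md5sum-style "digest  filename" layout, SHA-256 is used in place of MD5, and the file name and byte strings are constructed stand-ins.

```python
import hashlib
import hmac

def parse_manifest(text):
    """Parse 'hexdigest  filename' lines (assumed md5sum-style layout)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        entries[name.lstrip("*")] = digest.lower()
    return entries

def digest_of(data, algo="sha256"):
    return hashlib.new(algo, data).hexdigest()

def verify(name, data, manifest_text, pinned=None, algo="sha256"):
    """Return (matches_manifest, matches_pin).

    manifest_text comes from the same host as the download; pinned is a
    digest recorded through an independent channel (None if unavailable).
    """
    actual = digest_of(data, algo)
    listed = parse_manifest(manifest_text).get(name)
    ok_manifest = listed is not None and hmac.compare_digest(actual, listed)
    ok_pin = pinned is not None and hmac.compare_digest(actual, pinned.lower())
    return ok_manifest, ok_pin

# Constructed sample data: stand-ins for the installer and the manifest.
NAME = "installer.exe"  # hypothetical file name
ORIGINAL = b"installer bytes as uploaded"
ALTERED = b"installer bytes after modification on the host"

def demo():
    pinned = digest_of(ORIGINAL)  # recorded at upload time, off the host
    honest_manifest = f"{pinned}  {NAME}\n"
    # Whoever can alter the binary can regenerate the co-hosted manifest.
    rewritten_manifest = f"{digest_of(ALTERED)}  {NAME}\n"
    return {
        "original": verify(NAME, ORIGINAL, honest_manifest, pinned),
        "altered_binary_only": verify(NAME, ALTERED, honest_manifest, pinned),
        "altered_binary_and_manifest": verify(NAME, ALTERED, rewritten_manifest, pinned),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The third case is the one the message is about: the co-hosted manifest check passes on the altered file, and only the independently recorded digest flags it.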