[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: download versie 2.12

From: Han-Wen Nienhuys
Subject: Re: download versie 2.12
Date: Tue, 31 Mar 2009 11:14:43 -0300

On Tue, Mar 31, 2009 at 10:33 AM, Graham Percival
<address@hidden> wrote:
> On Mon, Mar 30, 2009 at 04:51:36PM -0300, Han-Wen Nienhuys wrote:
>> It would be trivial, but as the md5sums would be autogenerated, so it
>> does not buy any protection against anything.
> I wouldn't say that.  It would provide notification of a botched
> download (if anybody checks it), or notification of a very
> sophisicated man-in-the-middle attack whereby somebody attempts to
> hack a system by modifying lilypond tarballs.  In order to gain a
> local-user account.

For the modifying tarballs version, the attacker could also change de
MD5s as the webpages and the binaries are hosted on the same server.

Han-Wen Nienhuys - address@hidden -

reply via email to

[Prev in Thread] Current Thread [Next in Thread]