[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: download versie 2.12

From: Graham Percival
Subject: Re: download versie 2.12
Date: Tue, 31 Mar 2009 22:16:49 +0800
User-agent: Mutt/1.5.18 (2008-05-17)

On Tue, Mar 31, 2009 at 11:14:43AM -0300, Han-Wen Nienhuys wrote:
> On Tue, Mar 31, 2009 at 10:33 AM, Graham Percival
> <address@hidden> wrote:
> > I wouldn't say that.  It would provide notification of a botched
> > download (if anybody checks it), or notification of a very
> > sophisicated man-in-the-middle attack whereby somebody attempts to
> > hack a system by modifying lilypond tarballs.  In order to gain a
> > local-user account.
> For the modifying tarballs version, the attacker could also change de
> MD5s as the webpages and the binaries are hosted on the same server.

Hmm, good point.  Now, I guess that we could start GPG-signing the
md5s... but this is getting past the "idle speculation" phase and
into "unrestrainedly ridiculous" phase.  :)

- Graham

reply via email to

[Prev in Thread] Current Thread [Next in Thread]