Michel Posted January 29, 2003 Report Share Posted January 29, 2003 I've read an OLD article about some hackers that could access the opensource-program tcpdump and placed some spyware in it. It was discovered after 2 days. This isn't long, but it was enough time, so that some people installed this version. Now I thought that if they could acces the program on the server, they can also replace the md5sum. If the mdk5sum would be send by email it could be placed safer, isn't it? You could maybe discover this way that the program isn't any good. I suppose there is a way to get the exact same mdk5sum anyway or isn't there? This was a single case, but we have to be sure that the program is safe. (You could also replace the mdk5sum daily with the exact one(old if replaced)with a cron for example?). Of course some pgp in stead of mdk5 could be a lot better. I don't know if this is really necessary, but some simple security, so that there aren't any changes for users, arrangements can't be bad. Michel Quote Link to comment Share on other sites More sharing options...
Pzatch Posted January 29, 2003 Report Share Posted January 29, 2003 If you are truely worried about the md5sums that come from the mirror sites then you could easily compare the the md5sum numbers. If the download ISO's are the same then the numbers should be the same from site to site. Just make sure your comparing the same ISO version. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.