[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] Re: SUSE Security Announcement: gpg,liby2util signature checking problems (SUSE-SA:2006:013)



On Monday 06 March 2006 18:59, Markus Gaugusch wrote:
> On Mar 6, Malte Gell <malte.gell@xxxxxx> wrote:

> > > This also proofs that at least on the common mirrors
> > > (ftp.gwdg.de, sometimes ftp.leo.org I think, and lately also
> > > suse.inode.at) no manipulated package were placed.
> >
> > Why is this a matter of what mirror one choses? I thought it´s only
> > a matter of how YOU or your fou4s checks the signatures?

> If I was running fou4s on a specific mirror and have not noticed any
> faulty packages, one could assume that this mirror was "clean".

Of course... I forgot fou4s just uses the standard patch notifications 
provided by SUSE and so faulty packages would have been detected. 
Clever ;-)

Malte

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here