lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: blancher at cartel-securite.fr (Cedric Blancher) Subject: [OT] Re: Knocking Microsoft Le sam 28/02/2004 ? 10:31, Martin Ma?ok a ?crit : > > % apt-get update && apt-get upgrade > > % apt-get install apache-ssl > Will it transfer the data in a secure way? (SSL?) What's the point securing publicly available data transfer with SSL ? The only thing that is important regarding to security for remote software installation and/or upgrade is archive authentication and integrity check after reception so one can avoid trojaned stuff. > Will it verify the data after being downloaded? (PGP signature?) Can be configured to do so. BTW, sadly, by default, only MD5 is checked. -- http://www.netexit.com/~sid/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE >> Hi! I'm your friendly neighbourhood signature virus. >> Copy me to your signature file and help me spread!
Powered by blists - more mailing lists