On Fri, Jul 25, 2008 at 07:31:30PM +1200, Nathan Ward wrote:
So uh, is this patch available for download over HTTPS with a key that was generated by the vendor and signed by well trusted root CAs on a boxes with OpenSSL versions not released by Debian?
PATCH NOW PATCH NOW seems like a fantastic way to get nefarious code deployed in really, really interesting places.
:-)
I'm not smiling. I'm wondering if we're insufficiently paranoid. Course that could be because I'm reading the Mitnick book this week. But I don't think so. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Josef Stalin)