K.S. Bhaskar via plug on 2 Jul 2021 07:20:25 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Major Linux RPM problem uncovered

I stumbled onto https://www.zdnet.com/article/major-linux-rpm-problem-uncovered/ this morning. I presume (hope?) this is not an issue if one is only installing from legitimate repositories as presumably the user validation they are doing when accepting commits provides an additional layer of defense. Using an appropriately encrypted and validated connection to the repositories should protect against attacks that divert the DNS or network routes to a bogus repository.

Thoughts welcome. Thanks.

– Bhaskar
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug