[PLUG] Major Linux RPM problem uncovered

K.S. Bhaskar via plug on 2 Jul 2021 07:20:25 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Major Linux RPM problem uncovered

From: "K.S. Bhaskar via plug" <plug@lists.phillylinux.org>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: [PLUG] Major Linux RPM problem uncovered
Date: Fri, 2 Jul 2021 10:20:09 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=vmcDc9LDmDDRRhfhkRm6ezrJBdM64RJJ/1fAafrUYFI=; b=t/ybi4l3WHKCsEAYl+83FacE1SuCujuyGvJozmOczKxxPigAVySAw4hOuhR2I6kWvz tl2weODYMvtCuxvTirk7RRBp8B+A0B5Wzf1n3zpXoxRmkP5MgrScRjyRxC7j7xJO3af6 qBrmvMNG+Y6rJPnZP7qio+G4KUdoc/YLCMfvlf1eFQSMD1za7/4uobsVDTT5+qifaBjY IwVxqh04dvav5h7lG4YzwJGY5CPXjAz00paamLQXV3C7nzFCHZycw24fPNOSXXO43tST pPzdIQj6oWqJ9W64nZPCQJh2DUFTnmAZ4K1BbTjid181cpK4/UsmLHchpB+Zlb2rqImY L48A==
Reply-to: "K.S. Bhaskar" <ksbhaskar@gmail.com>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

I stumbled onto https://www.zdnet.com/article/major-linux-rpm-problem-uncovered/ this morning. I presume (hope?) this is not an issue if one is only installing from legitimate repositories as presumably the user validation they are doing when accepting commits provides an additional layer of defense. Using an appropriately encrypted and validated connection to the repositories should protect against attacks that divert the DNS or network routes to a bogus repository.

Thoughts welcome. Thanks.

Regards

– Bhaskar

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Next by Date: [PLUG] Python nested dict data structure
Next by thread: [PLUG] Python nested dict data structure
Index(es):
- Date
- Thread