Joe Smith wrote:
However, if the security updates come from trusted security mirrors rather than
a general mirror, that attack would fail too. So with the exception of Sid or
Testing users that do not use the testing-security system to receive security
updates, Debian really is not terribly vulnerable to this.
It would still be possible to mount this attack if the attacker can
intercept packets on the way to the official trusted security mirror and
redirect them (e.g. transparent proxy) to an older copy of the mirror.
Brian May
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
