On Tuesday 06 April 2010, Butterworth, John W. wrote:
> Hi.  I have a security-related question for Portage/rsync:
> 
> 
> 
> If someone makes a change to a copy of a program (say a backdoor added to
> apache) hosted on a public mirror, will the sync'ing between the public
> mirror and the main rotation mirror determine that it's corrupted (via
> 'bad' checksum) on the public-mirror side and replace it?
> 
> 
> 
> Thank you in advance,
> 
> -john

What mirror? If he changes the apache tarball on one of the distfile mirrors or
the apache mirrors that one will be caught by the checksum check.

If he changes the ebuild - well...
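
The checksum check mentioned in the reply, sketched as an added example (not part of the original message and not Portage's own code): it parses `DIST` lines from a Manifest and compares a distfile's size and hashes against them. The function names, file name and file contents are constructed for illustration; the third result shows that the check is only as trustworthy as the Manifest it reads, which sits in the same tree as the ebuild.

```python
import hashlib

HASHES = {"SHA256": "sha256", "SHA512": "sha512", "BLAKE2B": "blake2b"}

def parse_dist_entries(manifest_text):
    """Return {filename: (size, {HASHNAME: hexdigest})} for each DIST line."""
    entries = {}
    for line in manifest_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "DIST":
            continue
        hashes = dict(zip(fields[3::2], fields[4::2]))
        entries[fields[1]] = (int(fields[2]), hashes)
    return entries

def verify_distfile(name, data, manifest_text):
    """True only if size and every supported hash match the DIST entry."""
    entry = parse_dist_entries(manifest_text).get(name)
    if entry is None:
        return False  # no DIST entry: nothing to verify against
    size, digests = entry
    if len(data) != size:
        return False
    checked = 0
    for algo, expected in digests.items():
        if algo not in HASHES:
            continue  # hash type this sketch cannot compute
        if hashlib.new(HASHES[algo], data).hexdigest() != expected.lower():
            return False
        checked += 1
    return checked > 0  # refuse entries with no verifiable hash

def make_dist_line(name, data):
    """Build a DIST line for constructed sample data."""
    return "DIST %s %d SHA256 %s SHA512 %s\n" % (name, len(data),
        hashlib.sha256(data).hexdigest(), hashlib.sha512(data).hexdigest())

def demo():
    """Constructed sample: clean file, altered file, altered file and Manifest."""
    name = "example-1.0.tar.gz"  # constructed file name
    good = b"constructed tarball contents\n"
    bad = b"constructed tarball contentz\n"  # same size, one byte changed
    trusted = make_dist_line(name, good)
    return (verify_distfile(name, good, trusted),  # unmodified file
            verify_distfile(name, bad, trusted),   # altered file, good Manifest
            verify_distfile(name, bad, make_dist_line(name, bad)))  # both altered

if __name__ == "__main__":
    print(demo())
```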
