[H-GEN] redhat up2date
Johann
johann at spot-the-dog.com
Fri Apr 4 18:09:32 EST 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
Jason Parker-Burlingham wrote:
>[ Humbug *General* list - semi-serious discussions about Humbug and ]
>[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
>
>Johann <johann at spot-the-dog.com> writes:
>
>[Red Hat 9 being available early]
>
>
>
>
>Uh, did you check the md5sums or signatures of the ISOs you
>downloaded before you installed them?
>
>
I copied the md5sums from the telstra site, but if this was a trojaned
version, I figured I'd only have the trojaned md5sums. Although the
md5sums of the files I downloaded did agree with the ones that were
posted on the bigpond site.
>If I'd found a copy of Red Hat 9 almost a week earlier than it was
>supposed to be available I would be checking very hard to make sure it
>wasn't trojaned.
>
>
either good or bad, that thought did not occur to me, rather that
telstra had either made a big boo boo, or that they somehow had a deal
with redhat in that they are able to offer the redhat 9 isos to their
subscribers (this is highly unlikely).
>I don't mean to sound like I'm having a go at Red Hat---quite the
>contrary. However I would be very concerned.
>
>
Give that other well known projects have been trojaned (although I can't
remember them off the top of my head), and that redhat did only offer
the iso to paid redhat subscribers, I think I should have been more
concerned. In hindsight I was like a kid in a candy store, only thinking
about what I was going to get and nothing else. I guess this begs a
legal question, have I violated any legal software contracts ? (I knew
the isos were only available to paid subscribers in the first week), but
then again, the isos were made available to me through a legal channel.
Me thinks I will be doing a quick security audit of the installs,
however I am more willing to believe (at this stage anyway) that someone
stuffed up at telstra than the redhat 9 isos where trojaned and then
made available on the telstra site.
So any ideas how I can check the hundreds of programs that I have
installed. I guess the easy thing to do is wait until monday and
re-check the md5sums, but I think I could learn a bit from trying to
find a potential trojan.
cheers
Johann
--
Johann Kwiatkowski
Spot The Dog Graphics
ph: (07) 33233677
fax: (07) 33233677
mobile: 0418 797 419
web: www.spot-the-dog.com
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
More information about the General
mailing list