[SECURITY] Fedora Core 2 Update: mysql-3.23.58-9.1
John Summerfield
debian at herakles.homelinux.org
Fri Dec 10 14:11:36 UTC 2004
On Friday 10 December 2004 00:49, Matthew Miller wrote:
> Yeah, silly oversight on my part to send it with the wrong From:
> > address. Apologies.
>
> Thanks.
Sending email with anyone else's address is trivial; just configure your email
client with their address. Even non-geeks can manage that.
_Signed_ email is different, but odds are I could create a fake identity,
maybe calling myself Matthew Miller, and send signed email and nobody (except
the other MM) would notice.
Of importance is where users the updates themselves. I cannot put the updates
packages on your site unless you're extraordinarily careless (or I'm
extraordinarily lucky) or you actually trust me enough to grant me access.
I'm pretty confident I can trust RH sites and their Australian mirrors, and
I'm not really concerned about who sends the notices or (if I have my
automatic update in place) whether anyone does.
--
Cheers
John Summerfield
tourist pics: http://environmental.disaster.cds.merseine.nu/
More information about the fedora-list
mailing list