FC5 Boot Issue?
Andy Green
andy at warmcat.com
Mon Mar 20 09:51:13 UTC 2006
jdow wrote:
> Thou art righteously screwed, Mr. Jim.
>
> 5.0 is not released yet. You MAY have a hacked nasty-tool on your system.
MAY is a bit different from the certainty of a righteous screwing. I
seriously doubt he should be more worried than you or I on a previous
Fedora release.
> Poor sucker. (At fedora's site at RedHat.com the FC 5 directory is not
> world readable yet.)
To be fair, when you install anything you MAY be installing something
bad, no matter if you got it from RHAT. They get their sources from
other projects and I seriously doubt someone line-by-lines them after
download. There continue to be attempts by bad people to backdoor
upstream project sources, including the kernel itself, in ways that are
hard to detect. We happily assume that every attempt known about is
indeed every attempt.
It seems to be a bit of a tradition that FCx leaks a little early after
it is finalized but while the mirrors are sync'd, and as somebody noted
the SHA-1s are signed with a RHAT key. However if it were me I would
download the thing but not install it until I checked the SHA-1s after
RHAT release, that way you at least optimized out the download time in
the most likely case it is genuine.
-Andy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4492 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20060320/a7692c5a/attachment-0001.bin>
More information about the fedora-list
mailing list