Bug#413070: notes on security

To: 413070@bugs.debian.org
Subject: Bug#413070: notes on security
From: Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de>
Date: Sun, 06 Sep 2009 01:12:55 +0200
Message-id: <[🔎] 20090906011255.16964n48m45kn4w0@webmail.physik.uni-muenchen.de>
Reply-to: Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de>, 413070@bugs.debian.org

Hi.

May I suggest in advance:

If you download stuff from the web (e.g. the truecrypt sources) thatget somhow installed,.. you really should add some hashsums checking(SHA512) and abort package installation (or creation) if the sumsdon't match with the ones shipped with your package (and probably warnthe user about a potential security incident).


Best wishes,
Chris

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

Reply to:

Follow-Ups:
- Bug#413070: notes on security
  - From: Jari Aalto <jari.aalto@cante.net>

Prev by Date: Bug#485827: still working on this
Next by Date: Bug#457318: anything new here
Previous by thread: Processed: Re: Bug#485827: still working on this
Next by thread: Bug#413070: notes on security
Index(es):
- Date
- Thread