[Discuss] Linux Mint backdoored

John Blomfield jabfield at shaw.ca
Mon Feb 22 09:59:41 PST 2016


On 02/21/2016 10:06 PM, Alan W. Irwin wrote:
> For example, if you have been using some Linux distro for years you
> should keep track of the identification information (e.g., name,
> e-mail, and unique identification numbers) associated with the
> electronic signature they use to sign their isos. And if that
> identification information changes without a bunch of publicity from
> the distro, then it is time to become suspicious. 

But this is the heart of the problem, is it not? If someone is trying 
Linux Mint for the first time or not kept information on the output from 
a previous clean download and its gpg signature check, how will they 
check the signature good since that could have been changed to match the 
modified file on the hacked website?

John

-- 
John Blomfield
Delivered by Thunderbird Email on Linux OpenSuse-KDE4






More information about the Discuss mailing list