On 3/20/06, Andy Green <andy@xxxxxxxxxxx> wrote: > jdow wrote: > > > Thou art righteously screwed, Mr. Jim. > > > > 5.0 is not released yet. You MAY have a hacked nasty-tool on your system. > > MAY is a bit different from the certainty of a righteous screwing. I > seriously doubt he should be more worried than you or I on a previous > Fedora release. > > > Poor sucker. (At fedora's site at RedHat.com the FC 5 directory is not > > world readable yet.) > > To be fair, when you install anything you MAY be installing something > bad, no matter if you got it from RHAT. They get their sources from > other projects and I seriously doubt someone line-by-lines them after > download. There continue to be attempts by bad people to backdoor > upstream project sources, including the kernel itself, in ways that are > hard to detect. We happily assume that every attempt known about is > indeed every attempt. > > It seems to be a bit of a tradition that FCx leaks a little early after > it is finalized but while the mirrors are sync'd, and as somebody noted > the SHA-1s are signed with a RHAT key. However if it were me I would > download the thing but not install it until I checked the SHA-1s after > RHAT release, that way you at least optimized out the download time in > the most likely case it is genuine. > > -Andy > > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list > > > sha1sum /media/disk-1/FC-5-i386-DVD.iso ed9a852cf77250c3ae111c621d350af5c0b0a29b /media/disk-1/FC-5-i386-DVD.iso -- Registered Linux User: #376813 www.fedorajim.homelinux.com
