mailing list archives
vsftpd download backdoored
From: Solar Designer <solar () openwall com>
Date: Mon, 4 Jul 2011 01:16:27 +0400
Here's a great example of why maintainers should sign their release
tarballs, why distributions should insist on that, and why they should
actually check the signatures indeed.
I think we should be referring to this when convincing people to do that
(I had moderate success so far - some projects started signing their
tarballs after my suggestions/requests, some did not).
New vsftpd homepage:
- vsftpd download backdoored Solar Designer (Jul 03)