[olug] I learn new things about Linux every day

Kevin sharpestmarble at gmail.com
Sun Mar 18 01:06:17 UTC 2012


If you're going to be installing packages(as binaries), then you're
going to have to trust those sources. Otherwise it would be so easy to
mess with a %install script in any one of `( rpm -qa ; dpkg --list ) |
wc -l ` packages. So as long as you're going to be trusting that many
packages, you might as well trust one person rather than several
(hundred, probably). And to verify those people, you would have to
verify the source they used to build the packages. And then what about
updates? You have to either trust the source of those updates, or
verify the source each time an update comes along. I don't know about
you, but I don't have that much time. And if you were to trust them,
then you would have to trust that you don't get subjected to a
man-in-the-middle attack, which means trusting certificate
authorities(in this world). And then that means that DigiNoTar doesn't
come along again from any one of the many certificate
authorities(Taiwan Government Root Certification Authority?! Really?!)

On Sat, Mar 17, 2012 at 17:07, Rob Townley <rob.townley at gmail.com> wrote:
> i am reluctant to have other software build OS installation media for
> me because so much trust and verification is required so that they
> install a rootkit.  Having said that, one of the nice things about the
> following projects is that it provides a very easy way to install
> multiple ISOs onto a single bootable USB stick.  Then one click qemu
> testing of each install option.
>
> http://sourceforge.net/projects/multibootusb/
> http://liveusb.info/multisystem/
>
>
>
> On Thu, Mar 15, 2012 at 4:21 PM,  <aric at omahax.com> wrote:
>> Yeah Fabrice Bellard kicks ass.
>>
>>> Looking at qemu more closely it seems like a fairly nifty tool.
>>> On Mar 15, 2012 1:42 PM, "Adam Haeder" <adam at adamhaeder.com> wrote:
>>>
>>>> I've worked with Linux for a long time, and I love the fact that almost
>>>> daily I stumble across something that I didn't know. Today's was a
>>>> command
>>>> to test if the bootable usb key you just made actually works:
>>>>
>>>> # qemu -hda /dev/sdb -m 256 -vga std
>>>>
>>>> Replace /dev/sdb with the device name of your usb stick.
>>>>
>>>> I thought that was pretty awesome.
>>>>
>>>> --
>>>> Adam Haeder
>>>> adam at adamhaeder.com
>>>>
>>>> Check out my latest book: LPI Linux Certification in a Nutshell from
>>>> O'Reilly: http://bit.ly/bvQQ0I
>>>> _______________________________________________
>>>> OLUG mailing list
>>>> OLUG at olug.org
>>>> https://lists.olug.org/mailman/listinfo/olug
>>>>
>>> _______________________________________________
>>> OLUG mailing list
>>> OLUG at olug.org
>>> https://lists.olug.org/mailman/listinfo/olug
>>>
>>
>> _______________________________________________
>> OLUG mailing list
>> OLUG at olug.org
>> https://lists.olug.org/mailman/listinfo/olug
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug



More information about the OLUG mailing list