> or perhaps, if I am mirror A have a watchdog script compare my md5 sum to > every other md5 sum accross the mirrors, and take some action should the > ratio of unmatching MD5's falls below a certain percentage... Should the published MD5 sum of a file I have mirrored be different on *ANY* of the other mirrors (or the primary site) be different from the calculated MD5 sum of my file, all sorts of bells and whistles should go off. Something is wrong; either my copy or their copy is bad. Either way, something needs to be done about it. Such a scheme would have a) stopped the mirroring of the trojaned ssh package. b) detected the trojaned ssh package much faster. // J
This archive was generated by hypermail 2b30 : Mon Aug 05 2002 - 10:47:17 PDT