From: ludovic.courtes@laas.fr (Ludovic Courtès)
Cc: guile-devel@gnu.org
Subject: Re: Guile 1.7.91 has been released.
Date: Tue, 14 Feb 2006 10:22:20 +0100 [thread overview]
Message-ID: <87irrixpkj.fsf@laas.fr> (raw)
In-Reply-To: <87pslryr5n.fsf@zagadka.de> (Marius Vollmer's message of "Mon, 13 Feb 2006 21:50:28 +0200")
Hi,
Marius Vollmer <mvo@zagadka.de> writes:
> Well, they get to choose both texts that have a MD5 collision.
> Looking at the PostScript source reveals that the texts have been
> rigged, which should be enough if this goes to court. In our case, an
> attacker would need to find a second meaningful text that collides
> with the text that we provide. I guess that is much harder to do.
Well, since *you* are malicious, you could very well have prepared a
second tarball whose MD5 is the same and which you will propagate
during the days following the announcement. ;-)
Seriously, this kind of attack is really about the level of trust one
can have in the *emitter* of the tarball and checksum.
> And the tarball is signed with a SHA1 hash anyway. Maybe I should
> include the signature in the announcement and not a checksum...
Right.
Thanks,
Ludovic.
_______________________________________________
Guile-devel mailing list
Guile-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/guile-devel
next prev parent reply other threads:[~2006-02-14 9:22 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-02-12 23:15 Guile 1.7.91 has been released Marius Vollmer
2006-02-12 23:46 ` Michael Tuexen
2006-02-14 21:50 ` Marius Vollmer
2006-02-18 23:45 ` Han-Wen Nienhuys
2006-02-20 20:59 ` Marius Vollmer
2006-02-13 8:37 ` Han-Wen Nienhuys
2006-02-13 9:41 ` Ludovic Courtès
2006-02-13 19:50 ` Marius Vollmer
2006-02-14 9:22 ` Ludovic Courtès [this message]
2006-02-14 19:39 ` Marius Vollmer
2006-02-13 12:49 ` Bill Schottstaedt
2006-02-13 21:35 ` Kevin Ryde
2006-02-13 22:33 ` Bill Schottstaedt
2006-02-13 22:50 ` Kevin Ryde
2006-02-13 23:35 ` Bill Schottstaedt
2006-02-14 0:58 ` Kevin Ryde
2006-02-14 1:28 ` Kevin Ryde
2006-02-14 21:36 ` Bill Schottstaedt
2006-02-15 0:03 ` Kevin Ryde
2006-02-15 7:56 ` Ludovic Courtès
2006-02-15 12:37 ` Guile 1.7.91 has been released (x86-64 segfault) Bill Schottstaedt
2006-02-14 9:27 ` Guile 1.7.91 has been released Ludovic Courtès
2006-02-13 15:31 ` Bill Schottstaedt
2006-02-14 8:50 ` Andy Wingo
2006-02-20 18:36 ` Neil Jerram
2006-02-20 20:04 ` Bill Schottstaedt
2006-02-13 18:40 ` Bill Schottstaedt
2006-02-14 11:35 ` Han-Wen Nienhuys
2006-02-14 21:32 ` Marius Vollmer
2006-02-14 13:58 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/guile/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87irrixpkj.fsf@laas.fr \
--to=ludovic.courtes@laas.fr \
--cc=guile-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).