From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: ludovic.courtes@laas.fr (Ludovic =?iso-8859-1?Q?Court=E8s?=) Newsgroups: gmane.lisp.guile.devel Subject: Re: Guile 1.7.91 has been released. Date: Tue, 14 Feb 2006 10:22:20 +0100 Organization: LAAS-CNRS Message-ID: <87irrixpkj.fsf@laas.fr> References: <87y80gyxrq.fsf@zagadka.de> <87zmkvmw7s.fsf@laas.fr> <87pslryr5n.fsf@zagadka.de> NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: sea.gmane.org 1139908971 8297 80.91.229.2 (14 Feb 2006 09:22:51 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Tue, 14 Feb 2006 09:22:51 +0000 (UTC) Cc: guile-devel@gnu.org Original-X-From: guile-devel-bounces+guile-devel=m.gmane.org@gnu.org Tue Feb 14 10:22:44 2006 Return-path: Envelope-to: guile-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by ciao.gmane.org with esmtp (Exim 4.43) id 1F8wOR-0001zB-QQ for guile-devel@m.gmane.org; Tue, 14 Feb 2006 10:22:44 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1F8wOQ-0004Of-VN for guile-devel@m.gmane.org; Tue, 14 Feb 2006 04:22:43 -0500 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1F8wOK-0004NH-1x for guile-devel@gnu.org; Tue, 14 Feb 2006 04:22:36 -0500 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1F8wOI-0004Jv-8c for guile-devel@gnu.org; Tue, 14 Feb 2006 04:22:34 -0500 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1F8wOH-0004Jk-RE for guile-devel@gnu.org; Tue, 14 Feb 2006 04:22:33 -0500 Original-Received: from [140.93.0.15] (helo=laas.laas.fr) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1F8wSv-0006QQ-Hc for guile-devel@gnu.org; Tue, 14 Feb 2006 04:27:21 -0500 Original-Received: by laas.laas.fr (8.13.1/8.13.4) with SMTP id k1E9MUrZ020635; Tue, 14 Feb 2006 10:22:32 +0100 (CET) Original-To: Marius Vollmer X-URL: http://www.laas.fr/~lcourtes/ X-Revolutionary-Date: 26 =?iso-8859-1?Q?Pluvi=F4se?= an 214 de la =?iso-8859-1?Q?R=E9volution?= X-PGP-Key-ID: 0xEB1F5364 X-PGP-Key: http://www.laas.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 821D 815D 902A 7EAB 5CEE D120 7FBA 3D4F EB1F 5364 X-OS: powerpc-unknown-linux-gnu Mail-Followup-To: Marius Vollmer , guile-devel@gnu.org In-Reply-To: <87pslryr5n.fsf@zagadka.de> (Marius Vollmer's message of "Mon, 13 Feb 2006 21:50:28 +0200") User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/21.4 (gnu/linux) X-Spam-Score: 0 () X-Scanned-By: MIMEDefang at CNRS-LAAS X-BeenThere: guile-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Developers list for Guile, the GNU extensibility library" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: guile-devel-bounces+guile-devel=m.gmane.org@gnu.org Errors-To: guile-devel-bounces+guile-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.lisp.guile.devel:5700 Archived-At: Hi, Marius Vollmer writes: > Well, they get to choose both texts that have a MD5 collision. > Looking at the PostScript source reveals that the texts have been > rigged, which should be enough if this goes to court. In our case, an > attacker would need to find a second meaningful text that collides > with the text that we provide. I guess that is much harder to do. Well, since *you* are malicious, you could very well have prepared a second tarball whose MD5 is the same and which you will propagate during the days following the announcement. ;-) Seriously, this kind of attack is really about the level of trust one can have in the *emitter* of the tarball and checksum. > And the tarball is signed with a SHA1 hash anyway. Maybe I should > include the signature in the announcement and not a checksum... Right. Thanks, Ludovic. _______________________________________________ Guile-devel mailing list Guile-devel@gnu.org http://lists.gnu.org/mailman/listinfo/guile-devel