[maemo-developers] Security Guidance for N800 OS development

From: Kees Jongenburger kees.jongenburger at gmail.com
Date: Tue Feb 20 18:53:15 EET 2007
On 2/20/07, Marius Gedminas <marius at pov.lt> wrote:
> On Tue, Feb 20, 2007 at 01:19:56PM +0100, Kees Jongenburger wrote:
> > On 2/20/07, Marius Gedminas <marius at pov.lt> wrote:
> > >Also, due to a bug, the X server on the N800 listens on TCP port 6000:
> > >https://maemo.org/bugzilla/show_bug.cgi?id=1055.
> > >
> > >I wonder how many people install OpenSSH/Dropbear and then leave......
> >
> > I wonder how many people thrust the openssh deb :p
> If you have reasons not to trust it, please elaborate.

Hello Marius, I would feel more comfortable if I knew the
package was built from on a maemo server. Nobody can really thrust
binary packages anyway. Not only that but we also need to thrust the
location where the openssh.install file is located. in this case
http://mg.pov.lt/770/openssh.install and we need to hope that no other
repository contains a forged  openssh  pacakge. enough reasons IMHO to
say that the system is not very secure.


More information about the maemo-developers mailing list