[OS X TeX] security issue?
Brian Koontz
brian at pongonova.net
Sun Aug 3 23:18:47 EDT 2008
On Mon, Aug 04, 2008 at 11:29:16AM +0900, Victor Ivrii wrote:
> Generally it is possible but does it really make a difference? I
> uploaded today precompiled binaries of xpdf. I could put them on my
> own server and put a link. From the point of view of the person who
> downloads a trojan it does not make any difference. If I wanted to put
> a trojan and could not put it on your server I could use mediafire,
> rapidshare,.... etc (if I wanted not to put on my server).
It's not you I worry about :)
> PS Last time I have seen Mac virus was ~15 ya.
And it's not viruses I'm thinking about. I'm talking about someone
taking a Mac executable (I believe there are a few on the wiki, tucked
away behind .sit and .gz files) and doing something malicious to it
and uploading it as the "real deal." Mac users are certainly not
immune to this. And there are a lot of people out there with a lot of
time on their hands to do this sort of thing.
Not trying to be the resident doomsayer. Just something to think
about.
Question: Are there any Mac apps currently hosted on the wiki that
can be accessed from their primary source? I'd suggest linking
directly to these sources, rather than maintaining the file on the
wiki (said file probably being outdated as we speak).
A bit of Googling, for instance, tells me that Xy-pic is hosted on
TUG, so why would we want to mirror what TUG already has for this
package?
(Granted, this is probably not the best example, as Xy-pic appears to
be a package that doesn't contain an executable. Still, why use
bandwidth on files that are accessible via other repositories?)
--Brian
More information about the MacOSX-TeX
mailing list