Yesterday it was announced a series of university servers in Germany have been hacked.
( Sorry for German link , could not find another. )
http://www.heise.de/newsticker/meldung/ … 22857.html
Some of them also host pacman mirrors, like for example the university of Göttingen which was the fastest and highest rated mirror back when i have updated the mirrorlist.
Heidelberg, Freiburg and Berlin were hacked, too , but i do not know if they host archlinux mirrors.
If you have information on the subject please leave a note.
Last edited by teateawhy (2012-10-05 20:56:36)
English version (not sure if the same content) http://www.h-online.com/security/news/i … 24116.html
Edit: The English language version is pretty similar but not identical.
The link to the English version is at the bottom of the German text.
Last edited by karol (2012-10-05 14:26:27)
Not really a Pacman issue. Moving to Arch Discussion.
To know or not to know ...
... the questions remain forever.
If the hackers modified any packages, they'll fail to verify when pacman checks them with the packager keys. So unless you bypass the key checks (either by turning checking off in pacman.conf, or by manually installing packages with -U), you don't need to worry.
Mobo: ASUS P8Z77-V PRO // Processor: Intel Core i7-3770K 3.4GHz // GFX: nVidia GeForce GTX 970 Ti // RAM: 32GB (4x 8GB) Corsair DDR3 (@ 2133MHz) // Storage: 1x 3TB Seagate SATAII 5x 1TB Samsung SATAII, 2x 120GB Corsair SSD
I think hackers have better things to do with a hacked university servers than messing with random packages for some linux distro. Which would be useless anyway as stated above.
If in doubt whether or not that arch linux is hosted on those servers check here http://www.archlinux.org/mirrors/status/ - it lists all of the available servers.
Last edited by DarkCerberus (2012-10-05 19:25:53)
Thanks for your answers i will mark the thread as solved. Especially to WorMzy for pointing out the benefits of package signing, that was enabled on my system for some time now.