On Tue, Jul 12, 2005 at 04:10:30PM +0100, Colin Watson wrote:
>On Tue, Jul 12, 2005 at 05:23:39PM +0300, Steve McIntyre wrote:
>> 10. Signed Release files - we need a way to generate signed Release
>>     files on CDs, or to make apt happy with _all_ CDs (which is
>>     probably dangerous).
>
>The problem we (Ubuntu) encountered after experience with signed CDs is
>that a lot of people want to customise a CD image they've got, and
>Release signatures make it really painful to do that; not to mention
>developers trying to test small modifications to those same CD images.
>
>I'm not really convinced that making apt happy with all CDs is actually
>dangerous. Distributed CD images can be verified in other ways (does
>jigdo-lite look for signed md5sums? I could imagine making it do so, if
>it doesn't already), and people work around CD image signatures so much
>that I've come to believe that they're worse than useless. Michael Vogt
>is working on a modification to apt to make it trust all CDs.

Yes, this is a thorny area. I'm a little concerned - if we've gone to
all the effort of adding signatures to the main archive, then it does
seem to be ducking the problem to just trust all CDs. Allowing CDDs
and redistributors to add new signatures as well should boost the
security of the whole chain to the end user, too.

Maybe I'm being paranoid, but it wouldn't be too hard to get a lot of
users to blindly install bad packages (e.g. from a trojanned cover
disc).

-- 
Steve McIntyre, Cambridge, UK. steve@einval.com
Support the Campaign for Audiovisual Free Expression: http://www.eff.org/cafe/