Secure apt-get
Hi,
Is there already any feature to run apt-get in a secure way? I mean that it
installs only TRUSTED packages. I think it is possible to hack a system with
a man-in-the-middle attack (I am not a hacker and don't know if this is
technically possible). If I am installing/downloading e.g. joe from
ftp.debian.org and a hacker between me and this server gives me a HACKED
package with a postinst changing the root password or something like that, I
am doomed. It would be a very nice feature if I could give apt-get a parameter so
it checks the signatures of downloaded packages (I know, currently they don't
have signatures) and refuses the installation if the signature is unknown. A
basic set of public keys (debian-keyring) must be included in the Debian
base package. Is something like that already possible (I don't think so,
because there are no signatures in the packages) or do you think it's a good
idea for the future? Or was it already discussed?
--
Bye
K