
Re: Secure apt-get



>>>>> " " == Klaus Reimer <kay@debian.org> writes:

     > Hi,
    >> The problem with signing packages is that you can't trust a
    >> computer to do it for obvious reasons (like
    >> building/installation of packages being done as root).  And a
    >> person signing packages would hold up uploads for ages.

     > Well, I am new to debian, maybe I am missing something,
     > but... The *.dsc containing the checksums for the source files
     > are already signed by the maintainers. What about doing the
     > same with the binary packages? apt-get can download both files
     > (signed checksum file and binary package) and can check the
     > signature.

Because of autobuilders. Most packages are not built by the
maintainer.

    >> strict routing and there's hardly anyone in the middle. The data
    >> comes from your ISP to your router to your system. If you don't
    >> trust your router, your fault. If you don't trust your ISP,
    >> bad.

     > I trust my provider that he is not hacking me but I don't trust
     > my provider that he is secured enough to prevent being hacked.


    >> If someone really wants to give you false packages, he can just
    >> look over your shoulder for your root passwd instead of hacking
    >> into your ISP to be man in the middle.

     > I don't agree with that. I can do something to prevent a spy
     > behind me, but how can I prevent my ISP from being hacked? Yes,
     > maybe I am paranoid...

I trust that my provider is big enough that a person hacking into him
will be flooded by too much data to single out my special connection
and play man in the middle.

As to you taking actions against someone spying on you: Did you know
that you can see what's on your monitor and hear what keys you type
even from a km away with some simple hardware like an oscilloscope and
a TV and some receiver?

    >> By the way, how do you know that the debian keyring is what it
    >> claims to be?

     > Good point. But I am not THAT paranoid. But if I am REALLY
     > paranoid I have to phone-check a lot of fingerprints or do
     > other paranoid things ;-)

     > I think there are some nice ways to distribute the keyring
     > securely and guarantee that it is valid and not compromised.

The question is whether there is a chain of signatures from your key
to any other maintainer. Provided you fully trust every maintainer to
only sign keys after checking the id, that would give you enough proof
that each maintainer is who he says.

Still, maybe one of those maintainers is the man in the middle and
wants to do something nasty. He can just stick some code into his
source that checks for your user, hostname, hardware or similar stuff
and then deletes your hard drive. Given the amount of source in debian,
this probably goes unnoticed for a pretty long time.


To protect yourself reasonably from hacked packages you have to trust all
maintainers and compile all packages from source, which are signed.

Regards,
        Goswin
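The scheme Klaus proposes above (the client downloads a signed checksum file plus the binary package, verifies the signature, then compares the package against the listed checksum) as a worked example. This is added code, not part of the original mail or of apt-get; it is a constructed miniature, not Debian's .dsc or Release format. An Ed25519 key pair generated at runtime stands in for a maintainer's GPG key, and the package bytes and checksum file are constructed inline. It also shows the two failure modes the thread argues about: a package altered in transit fails the checksum, and a checksum file rewritten to match the altered package fails the signature, because whoever is in the middle does not hold the maintainer's key.

```go
package main

import (
	"bufio"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// ChecksumFile is the parsed signed manifest. The line format used here,
// "<sha256hex> <size> <filename>", is constructed for this example.
type ChecksumFile struct {
	Entries map[string]string // filename -> expected SHA-256 (lowercase hex)
}

// ParseChecksumFile parses the manifest body; blank and "#" lines are ignored.
func ParseChecksumFile(body []byte) (*ChecksumFile, error) {
	cf := &ChecksumFile{Entries: map[string]string{}}
	sc := bufio.NewScanner(strings.NewReader(string(body)))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		fields := strings.Fields(line)
		if len(fields) != 3 || len(fields[0]) != sha256.Size*2 {
			return nil, fmt.Errorf("malformed manifest line: %q", line)
		}
		cf.Entries[fields[2]] = strings.ToLower(fields[0])
	}
	return cf, sc.Err()
}

// VerifyPackage is the client-side check: first the detached signature over
// the manifest bytes must validate against the trusted maintainer key, and
// only then is the package's SHA-256 compared with the listed value. A nil
// return means the package may be installed; any error means it must not.
func VerifyPackage(maintainerKey ed25519.PublicKey, manifest, sig []byte, name string, pkg []byte) error {
	if !ed25519.Verify(maintainerKey, manifest, sig) {
		return errors.New("manifest signature invalid: file altered or not signed by the trusted key")
	}
	cf, err := ParseChecksumFile(manifest)
	if err != nil {
		return err
	}
	want, ok := cf.Entries[name]
	if !ok {
		return fmt.Errorf("%s is not listed in the signed manifest", name)
	}
	sum := sha256.Sum256(pkg)
	if hex.EncodeToString(sum[:]) != want {
		return fmt.Errorf("%s: checksum mismatch, package contents differ from what was signed", name)
	}
	return nil
}

// Scenario holds constructed sample data for one package.
type Scenario struct {
	Pub      ed25519.PublicKey
	Manifest []byte
	Sig      []byte
	Name     string
	Pkg      []byte
}

// BuildScenario generates a stand-in maintainer key (assumption: Ed25519 in
// place of GPG) and signs a manifest that lists one constructed package.
func BuildScenario() (*Scenario, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	name := "foo_1.0_i386.deb" // constructed file name
	pkg := []byte("constructed package contents for " + name)
	sum := sha256.Sum256(pkg)
	manifest := []byte(fmt.Sprintf("# constructed manifest\n%s %d %s\n",
		hex.EncodeToString(sum[:]), len(pkg), name))
	return &Scenario{Pub: pub, Manifest: manifest, Sig: ed25519.Sign(priv, manifest), Name: name, Pkg: pkg}, nil
}

func main() {
	s, err := BuildScenario()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine package:", VerifyPackage(s.Pub, s.Manifest, s.Sig, s.Name, s.Pkg))

	// A man in the middle flips one byte of the package in transit.
	altered := append([]byte{}, s.Pkg...)
	altered[0] ^= 0x01
	fmt.Println("altered package:", VerifyPackage(s.Pub, s.Manifest, s.Sig, s.Name, altered))

	// He also rewrites the manifest to list the altered package's hash,
	// but cannot produce a signature with the maintainer's key.
	bad := sha256.Sum256(altered)
	forged := []byte(fmt.Sprintf("%s %d %s\n", hex.EncodeToString(bad[:]), len(altered), s.Name))
	fmt.Println("forged manifest:", VerifyPackage(s.Pub, forged, s.Sig, s.Name, altered))
}
```

The order of checks matters: the manifest is parsed only after its signature validates, so an attacker-controlled manifest never reaches the parser. Goswin's autobuilder objection is untouched by this code; it only shows what the client gains once some trusted key has signed the manifest.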


