Re: Revival of the signed debs discussion
On Mon, Dec 01, 2003 at 03:56:59PM +0000, Scott James Remnant wrote:
> Assuming that level of compromise, there's no recent to suspect that
> they couldn't have free reign adding anything to the archive they
> wanted. Signed .debs gain you nothing here.
If every .deb must be signed by a developer, and we assume that no
developer leaves secret keys on public machines, then signed .debs does
save the day.
Even if the attacker could place a new keyring file in the archive,
people verifying signatures on signed .debs would not install it, since
it would not have the signature of a developer.
All other attacked debs would also fail to install, since they would not
have the signature of a developer.