[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: https for apt to prevent man in middle transparent proxy mirror attacks?

On Wed, 2004-06-09 at 16:08 +0200, Federico Di Gregorio wrote:
> Lì mercoledì, 2004/06/09 alle 06:44, -0700, Karl Hegbloom ha scritto:
> > Paranoia department (sign my key; target on my back):
> > 
> > What if someone had control of a network who was "not a big Debian fan",
> > or who just wanted to be evil and get trojan horse software onto
> > people's computers for one reason or another.  This person sets up the
> > routers so that accesses to the official Debian mirrors are
> > transparently proxied to a mirror they keep, but with certain strategic
> > programs shadowed by their own version, with special patches applied.
> 
> maybe i simply don't understand, but isn't Packages file signing done
> exactly to avoid such an attack?

Can you please explain how that works?

-- 
Karl Hegbloom <hegbloom@pdx.edu>
Reply to: