[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: https for apt to prevent man in middle transparent proxy mirror attacks?

On Wed, 2004-06-09 at 18:28 +0200, Javier Fernández-Sanguino Peña wrote:
> On Wed, Jun 09, 2004 at 07:15:21AM -0700, Karl Hegbloom wrote:
> > > maybe i simply don't understand, but isn't Packages file signing done
> > > exactly to avoid such an attack?
> > 
> > Can you please explain how that works?
> 
> Sure, how about this:
> http://www.debian.org/doc/manuals/securing-debian-howto/ch7.en.html#s-deb-pack-sign
> 
> Feel free to provide comments improving it if you don't understand it.

Thank you for pointing this out.  It is exactly what I was in need of.
I will certainly read it and anything else you folks think I should see
regarding this topic.  If I have any further questions, I'll post them
here as a reply on this thread.

-- 
Karl Hegbloom <hegbloom@pdx.edu>
Reply to: