On Thu, Nov 24, 2005 at 07:17:06PM +0100, Goswin von Brederlow wrote: > > That's easy: you trust the Packages file to be correct when using apt, > > and it's not verified at all by per-package signatures. > In what way trust and how does that change anything? > At best you can prevent a newer version of a package to appear in the > Packages file by compromising it. You can't subvert a package itself. > But you can already ship yesterdays Release.gpg, Release and Packages > file to a user and thereby prevent any updates. > On the other hand, without package signatures ftp-master adds a > vulnerability. You can hack into it, replace debs, recreate the > Packages, Release and Release.gpg file and thereby infect users. With > signed debs that could still be detected by every user in apt-get. Only if every user is in a position to verify signatures from each Debian developer individually, which is completely unrealistic. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. vorlon@debian.org http://www.debian.org/
Attachment:
signature.asc
Description: Digital signature