security (was: Re: my platform for Debian Project Leader)
On Tue, Feb 20, 2001 at 10:24:03PM -0500, Branden Robinson wrote:
> The purpose of this message is to outline the reasons I running for Debian
> Project Leader, and to present an idea of some specific things I would like
> to accomplish during my term, if elected.
You forgot to tell about security. More and more people are concerned about
trojans in automatically downloaded packages. I know that there's no really
good solution as in the end it is all software from different authors but
we must at least do a bit more for security. Proposals are e.g.
* APT could automatically check signatures on downloaded sources
* APT could automatically check signatures on packages which the maintainer
has self builded.
* A task force could check the diffs and md5sum check the .orig.tar.gz's for
malicious code - yeah, I know it's easy to hide but we normally don't have
that much source code changes outside the /debian dir.
* something. At least make the users aware how much or less the security they
get from RedHats signed packages really is for them.
* More more people for the security fix team.
bye,
-christian-
--
Christian Hammers WESTEND GmbH - Aachen und Dueren Tel 0241/701333-0
ch@westend.com Internet & Security for Professionals Fax 0241/911879
WESTEND ist CISCO Systems Partner - Premium Certified
Reply to: