Re: Automatic Debian security updates, an Implementation

To: debian-security@lists.debian.org
Subject: Re: Automatic Debian security updates, an Implementation
From: Jan Niehusmann <jan@debian.org>
Date: Fri, 18 Oct 2002 14:36:45 +0200
Message-id: <[🔎] 20021018123645.GA14162@gondor.com>
In-reply-to: <[🔎] 200210180824.31781.rtilley@vt.edu>
References: <[🔎] 20021018105825.GA3174@ghanima.endorphin.org> <[🔎] 200210180824.31781.rtilley@vt.edu>

On Fri, Oct 18, 2002 at 08:24:31AM -0400, R. Bradley Tilley wrote:
> Can someone explain why 'apt-get update && apt-get dist-upgrade' is not 
> sufficient to keep a debian system secure and updated?

Because a hacked mirror could contain malicious packages.
When you check signatures before upgrading, you detect such intrusions.

Of course, if the hacker managed to modify files on the master server,
proper signatures would automatically get generated, and apt-check-sigs
had no chance to detect these modifications. Still, checking signatures
provides one more line of defense.

Jan

Reply to:

Follow-Ups:
- Re: Automatic Debian security updates, an Implementation
  - From: Joseph Pingenot <trelane@digitasaru.net>

References:
- Automatic Debian security updates, an Implementation
  - From: Fruhwirth Clemens <clemens@endorphin.org>
- Re: Automatic Debian security updates, an Implementation
  - From: "R. Bradley Tilley" <rtilley@vt.edu>

Prev by Date: Re: Automatic Debian security updates, an Implementation
Next by Date: Re: Automatic Debian security updates, an Implementation
Previous by thread: Re: Automatic Debian security updates, an Implementation
Next by thread: Re: Automatic Debian security updates, an Implementation
Index(es):
- Date
- Thread