Re: Automatic Debian security updates, an Implementation
From Jan Niehusmann on Friday, 18 October, 2002:
>On Fri, Oct 18, 2002 at 08:24:31AM -0400, R. Bradley Tilley wrote:
>> Can someone explain why 'apt-get update && apt-get dist-upgrade' is not
>> sufficient to keep a debian system secure and updated?
>Of course, if the hacker managed to modify files on the master server,
>proper signatures would automatically get generated, and apt-check-sigs
>had no chance to detect these modifications. Still, checking signatures
>provides one more line of defense.
I've been thinking up a new, more secure way of doing apt. (Actually, it's
a modification of the current system.) It kind of has two levels, one
trusting apt's integrity, and the second would be a very paranoid system,
which requires more hardware knowledge (smartcard-like businesses) than
I currently possess.
If people are interested enough in it, I might throw together something
more formal.
-Joseph
--
Joseph===============================================trelane@digitasaru.net
"Alt text doesn't pop up unless you use an ancient browser from the days of
yore. The relevant standards clearly indicate that it should not, and I
only know about one browser released in the last two years that violates
this, and it's still claiming compatibility with Mozilla 4 (which was
obsolete quite long ago), so it really can't be considered a modern
browser." --jonadab, in a slashdot.org comment.