Re: Automatic Debian security updates, an Implementation
>IMHO there is no lack of interesting ideas - what we really need are
>implementations.
Ja. I just have to find the time. :)
>apt-check-sigs is a nice proof-of-concept, and the debsigs stuff could
>also improve security significantly. Together, I'd say they'd suffice to
>make the Debian mirrors extremely tamper-proof.
>But apt-check-sigs is lacking nice integration into existing tools, and
>debsigs doesn't really work, because packages are not signed, which is
>IMHO caused by inappropriate helper tools at packaging time.
Hrm. I guess I'll have to check into those.
>So implementing these tools, and then changing policy to make package
>signatures mandatory, seems to be the most feasible approach.
Making package sigs mandatory is the critical bit, IMHO.
-Joseph
--
Joseph===============================================trelane@digitasaru.net
"Alt text doesn't pop up unless you use an ancient browser from the days of
yore. The relevant standards clearly indicate that it should not, and I
only know about one browser released in the last two years that violates
this, and it's still claiming compatibility with Mozilla 4 (which was
obsolete quite long ago), so it really can't be considered a modern
browser." --jonadab, in a slashdot.org comment.