Re: Automatic Debian security updates, an Implementation

To: Jan Niehusmann <jan@debian.org>
Cc: debian-security@lists.debian.org
Subject: Re: Automatic Debian security updates, an Implementation
From: Joseph Pingenot <trelane@digitasaru.net>
Date: Fri, 18 Oct 2002 09:37:59 -0500
Message-id: <[🔎] 20021018143758.GB31649@digitasaru.net>
Mail-followup-to: Jan Niehusmann <jan@debian.org>, debian-security@lists.debian.org
Reply-to: trelane@digitasaru.net
In-reply-to: <[🔎] 20021018135553.GA14701@gondor.com>
References: <[🔎] 20021018105825.GA3174@ghanima.endorphin.org> <[🔎] 200210180824.31781.rtilley@vt.edu> <[🔎] 20021018123645.GA14162@gondor.com> <[🔎] 20021018132014.GA31649@digitasaru.net> <[🔎] 20021018135553.GA14701@gondor.com>

>IMHO there is no lack of interesting ideas - what we really need are
>implementations. 

Ja.  I just have to find the time.  :)

>apt-check-sigs is a nice proof-of-concept, and the debsigs stuff could
>also improve security significantly. Together, I'd say they'd suffice to
>make the debian mirrors extremely tamper-proof. 
>But apt-check-sigs is lacking nice integration into existing tools, and
>debsigs doesn't really work, because packages are not signed, which is
>IMHO caused by inappropriate helper tools at packaging time.

Hrm.  I guess I'll have to check into those.

>So implementing these tools, and then changing policy to make package
>signatures mandatory, seems to be the most feasible approach.

Making package sigs mandatory is the critical bit, IMHO.


-Joseph

-- 
Joseph===============================================trelane@digitasaru.net
"Alt text doesn't pop up unless you use an ancient browser from the days of
 yore. The relevant standards clearly indicate that it should not, and I
 only know about one browser released in the last two years that violates
 this, and it's still claiming compatibility with Mozilla 4 (which was
 obsolete quite long ago), so it really can't be considered a modern
 browser."  --jonadab, in a slashdot.org comment.

Reply to:

References:
- Automatic Debian security updates, an Implementation
  - From: Fruhwirth Clemens <clemens@endorphin.org>
- Re: Automatic Debian security updates, an Implementation
  - From: "R. Bradley Tilley" <rtilley@vt.edu>
- Re: Automatic Debian security updates, an Implementation
  - From: Jan Niehusmann <jan@debian.org>
- Re: Automatic Debian security updates, an Implementation
  - From: Joseph Pingenot <trelane@digitasaru.net>
- Re: Automatic Debian security updates, an Implementation
  - From: Jan Niehusmann <jan@debian.org>

Prev by Date: Re: ssh "banner"
Next by Date: Re: Automatic Debian security updates, an Implementation
Previous by thread: Re: Automatic Debian security updates, an Implementation
Next by thread: Re: Automatic Debian security updates, an Implementation
Index(es):
- Date
- Thread