Re: security of apt
On Sun, Jan 25, 2004 at 06:19:28PM +0100, Horst Pflugstaedt wrote:
> On Sun, Jan 25, 2004 at 04:12:59PM +0100, Erik Hjelm?s wrote:
> > I've spent a few hours searching, what Im looking for is a discussion
> > of different security aspects of apt, questions like
> > - What are the possible threats in terms of ip spoofing, dns cache
> > poisoning? (are there any solutions in terms of PKI (PGP) or similar
> > discussed somewhere?)
> that issue is the same as for every web-based download.
For apt < 0.6, this is true. In apt 0.6, all binary packages are
authenticated using gnupg, and so network trust is not an issue.