Re: Bad press again...
On Saturday, 27 August 2005 15:44, martin f krafft wrote:
> No. Imagine exim gets a root exploit and I spoof the DNS to some
> mirror of s.d.o. That mirror will be consistent wrt secure APT, but
> it won't get updates, so admins who don't follow DSAs and run
> apt-get upgrade consciously and carefully are going to be left in
> the naive belief that they are safe because s.d.o doesn't have any
> new stuff.
This scenario could be avoided if s.d.o would authenticate itself.
Is authentication of the server something which has been considered
with secure apt? Even if you mirror all of s.d.o you still do not
have its certificates.
Rudolf Lohner - Universitaet Karlsruhe (TH)
Rechenzentrum, Zirkel 2, D-76128 Karlsruhe
Phone: +49-721-608-6958, Fax: +49-721-32550