
Re: Bug#93612: Support for new archive structure



On Sat, Apr 14, 2001 at 08:15:49PM -0600, Jason Gunthorpe wrote:
> On Sun, 15 Apr 2001, Raphael Hertzog wrote:
> > > Having more than one tree means it will be detected more than once and
> > > that certainly is not desirable, and may cause problems, like it asking
> > > for the disks in a non-ideal order, or something equally lame.
> > May or will cause problem?
> I can't predict that. It might work OK in some cases, probably not in all.
> It is certainly not something I designed or tested for.

Easiest way is to do it and find out. We're not going to be releasing
tomorrow, so it doesn't matter much if the first pass is wrong.

> > > It will add them both and it becomes trivial for someone to defeat the
> > > security mechanisms. 
> > Why ?
> What do you mean 'Why?' Put the bad files in the insecure space and
> let-er-rip. 
> This scheme lets people make valid 'woody-secured' areas and hide nasty
> little bombs in the normal 'woody' area.

Sure. The user has to ensure what they point at is signed appropriately,
and use methods that care about signatures if they want any security.

Having random insecure files, however tempting they may look, shouldn't
stop a user from at least knowing whether they're using something straight
from Debian or not.

> > True, however people willing security over a loopback mount are silly.
> > The main point was not about having security on a file URI but rather
> > about not breaking what already existed.

That's not true at all: the point is to get end-end security, independent
of the media used to get Debian from us to the end user. Whether it's
by ftp, or CD, or downloaded ISO, or a dozen partial mirrors on a dozen
continents, or whatever.

In addition to this, it's also about not breaking other things, wherever
possible.

> I am *so* sick of this 'Oh! Somebody might be using a tool that was last
> updated in 1997! We better not do something or it might break it!'
> attitude.

"Oh! Somebody might be using apt-cdrom that was last updated at least a few
hours ago! We better not do something or it might break it!" :)

Saying something like:

	When upgrading using an old apt-cdrom, if you wish to ensure that
	you're getting what you paid for do the following:

		* Check debian/dists/woody/Release{,.gpg} match
		* Run the following script to ensure that
		  debian/dists/woody/Release accurately hashes the Packages
		  files
		* Run apt-cdrom over each CD
		* Remove the lines referencing woody-cd#X -- these are not
		  secured.

probably isn't unreasonable, at worst.

(Checking the MD5 of the ISO may not be possible if it's already been burnt
or if it's not quite official)

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

``_Any_ increase in interface difficulty, in exchange for a benefit you
  do not understand, cannot perceive, or don't care about, is too much.''
                      -- John S. Novak, III (The Humblest Man on the Net)

Attachment: pgp0u6e2lnDFc.pgp
Description: PGP signature
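The checklist in the mail above has one step that is easy to get wrong by hand: confirming that dists/woody/Release accurately hashes the Packages files before you trust what an old apt-cdrom picked up. The script below is an added example, not code from aj, apt or Debian, of how that second bullet can be done, together with a gpg call for the first bullet. It assumes the 2001-era Release layout (an "MD5Sum:" header followed by " <md5> <size> <path>" lines, paths relative to the directory holding Release); the dists tree, package names and Release fields it builds are constructed sample data, and it also plants a modified Packages file to show the check rejecting a "nasty little bomb" that was dropped in after Release was signed. The gpg step needs the archive key in your keyring, so the stand-alone run does not exercise it.

```shell
#!/bin/sh
# Added example for the checklist in the mail above; not code from aj, apt or
# Debian. Assumes the 2001-era Release layout: an "MD5Sum:" header followed
# by lines of the form " <md5> <size> <path>", paths relative to the
# directory holding Release. All sample data below is constructed.

# verify_release_gpg DIR
#   First bullet: check Release.gpg (a detached signature) against Release.
#   Needs gpg and the archive signing key in the local keyring, so the demo
#   at the bottom does not call it; returns gpg's exit status.
verify_release_gpg() {
    gpg --verify "$1/Release.gpg" "$1/Release"
}

# check_release_hashes DIR
#   Second bullet: for each entry in the MD5Sum section of DIR/Release,
#   compare the recorded size and MD5 with the file on disk. Prints one line
#   per entry; returns 1 if anything is missing or mismatched, 0 otherwise.
check_release_hashes() {
    dir=$1
    rc=0
    # keep only the " md5 size path" lines between "MD5Sum:" and the next header
    entries=$(awk '/^MD5Sum:/ { in_sum = 1; next }
                   /^[A-Za-z]/ { in_sum = 0 }
                   in_sum && NF == 3 { print $1, $2, $3 }' "$dir/Release")
    # here-document rather than a pipe so that rc survives the loop
    while read -r want_md5 want_size path; do
        [ -n "$path" ] || continue
        f="$dir/$path"
        if [ ! -f "$f" ]; then
            echo "MISSING  $path"; rc=1; continue
        fi
        have_size=$(wc -c < "$f" | tr -d ' ')
        have_md5=$(md5sum "$f" | cut -d' ' -f1)
        if [ "$have_size" != "$want_size" ]; then
            echo "BADSIZE  $path (have $have_size, Release says $want_size)"; rc=1
        elif [ "$have_md5" != "$want_md5" ]; then
            echo "BADHASH  $path"; rc=1
        else
            echo "OK       $path"
        fi
    done <<EOF
$entries
EOF
    return $rc
}

# make_demo_tree DIR
#   Builds a tiny fake dists/woody tree (constructed sample data) and writes
#   a Release file whose MD5Sum section matches it, as a mirror would.
make_demo_tree() {
    dir=$1
    mkdir -p "$dir/main/binary-i386" "$dir/contrib/binary-i386"
    printf 'Package: apt\nVersion: 0.5.3\nArchitecture: i386\n\n' \
        > "$dir/main/binary-i386/Packages"
    printf 'Package: foo\nVersion: 1.0-1\nArchitecture: i386\n\n' \
        > "$dir/contrib/binary-i386/Packages"
    {
        printf 'Origin: Debian\nSuite: testing\nCodename: woody\n'
        printf 'Architectures: i386\nComponents: main contrib\nMD5Sum:\n'
        for p in main/binary-i386/Packages contrib/binary-i386/Packages; do
            printf ' %s %s %s\n' "$(md5sum "$dir/$p" | cut -d' ' -f1)" \
                "$(wc -c < "$dir/$p" | tr -d ' ')" "$p"
        done
    } > "$dir/Release"
}

# tamper_demo_tree DIR
#   Plants the "nasty little bomb" from the thread: alters a Packages file
#   after Release was written, so size and hash no longer match.
tamper_demo_tree() {
    printf 'Package: bomb\nVersion: 0.1\nArchitecture: i386\n\n' \
        >> "$1/contrib/binary-i386/Packages"
}

# Stand-alone run: build the tree, check it, tamper with it, check again.
demo_dir=$(mktemp -d)
make_demo_tree "$demo_dir/dists/woody"
check_release_hashes "$demo_dir/dists/woody" && echo "clean tree: accepted"
tamper_demo_tree "$demo_dir/dists/woody"
check_release_hashes "$demo_dir/dists/woody" || echo "tampered tree: rejected"
rm -rf "$demo_dir"
```

On a real CD you would run verify_release_gpg first and only then check_release_hashes; a clean hash check over an unverified Release proves nothing, since whoever planted the files could have rewritten Release too. The script checks MD5 because that is what Release files carried at the time of this thread; a present-day Release file lists SHA256 sums and apt no longer accepts MD5 alone.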