Re: Bits from the CD team: plans for debian-cd v3.0

On Tue, Jul 12, 2005 at 04:10:30PM +0100, Colin Watson wrote:
>On Tue, Jul 12, 2005 at 05:23:39PM +0300, Steve McIntyre wrote:
>>  10. Signed Release files - we need a way to generate signed Release
>>      files on CDs, or to make apt happy with _all_ CDs (which is
>>      probably dangerous).
>The problem we (Ubuntu) encountered after experience with signed CDs is
>that a lot of people want to customise a CD image they've got, and
>Release signatures make it really painful to do that; not to mention
>developers trying to test small modifications to those same CD images.
>I'm not really convinced that making apt happy with all CDs is actually
>dangerous. Distributed CD images can be verified in other ways (does
>jigdo-lite look for signed md5sums? I could imagine making it do so, if
>it doesn't already), and people work around CD image signatures so much
>that I've come to believe that they're worse than useless. Michael Vogt
>is working on a modification to apt to make it trust all CDs.

Yes, this is a thorny area. I'm a little concerned - if we've gone to
all the effort of adding signatures to the main archive, then it does
seem to be ducking the problem to just trust all CDs. Allowing CDDs
and redistributors to add new signatures as well should boost the
security of the whole chain to the end user, too.

Maybe I'm being paranoid, but it wouldn't be too hard to get a lot of
users to blindly install bad packages (e.g. from a trojanned cover

