Re: Bits from the CD team: plans for debian-cd v3.0
On Thu, 14 Jul 2005, Steve McIntyre wrote:
> Yes, this is a thorny area. I'm a little concerned - if we've gone to
> all the effort of adding signatures to the main archive, then it does
> seem to be ducking the problem to just trust all CDs. Allowing CDDs
> and redistributors to add new signatures as well should boost the
> security of the whole chain to the end user, too.
>
> Maybe I'm being paranoid, but it wouldn't be too hard to get a lot of
> users to blindly install bad packages (e.g. from a trojanned cover
> disc).
There was a similar argument some years back. On one side there were
customizable CDs, the other a rock solid security chain. What emerged
from the discussion was that a surprising number of people produced their
own disc sets for a variety of reasons. So customisable disc sets won
out. I would imagine that this would still be the situation today.
Phil.
--
Philip Charles; 39a Paterson Street, Abbotsford, Dunedin, New Zealand
+64 3 488 2818 Fax +64 3 488 2875 Mobile 025 267 9420
philipc@copyleft.co.nz - preferred. philipc@debian.org
I sell GNU/Linux & GNU/Hurd CDs & DVDs. See http://www.copyleft.co.nz