
Re: Bits from the CD team: plans for debian-cd v3.0



On Thu, 14 Jul 2005, Steve McIntyre wrote:

> Yes, this is a thorny area. I'm a little concerned - if we've gone to
> all the effort of adding signatures to the main archive, then it does
> seem to be ducking the problem to just trust all CDs. Allowing CDDs
> and redistributors to add new signatures as well should boost the
> security of the whole chain to the end user, too.
>
> Maybe I'm being paranoid, but it wouldn't be too hard to get a lot of
> users to blindly install bad packages (e.g. from a trojanned cover
> disc).

There was a similar argument some years back.  On one side there were
customizable CDs, the other a rock solid security chain.  What emerged
from the discussion was that a surprising number of people produced their
own disc sets for a variety of reasons.  So customisable disc sets won
out.  I would imagine that this would still be the situation today.

Phil.

--
  Philip Charles; 39a Paterson Street, Abbotsford, Dunedin, New Zealand
   +64 3 488 2818        Fax +64 3 488 2875        Mobile 025 267 9420
     philipc@copyleft.co.nz - preferred.          philipc@debian.org
  I sell GNU/Linux & GNU/Hurd CDs & DVDs.   See http://www.copyleft.co.nz


