Re: Proposal: increasing mirror security
On Mon, 25 Jan 1999, Brandon Mitchell wrote:
> for the user. If it fails, it could just warn the user and ask to
> continue. This would require: a) gnu's version of pgp to work (so that we
> don't request non-free software to get the free software) and the bad part
> b) someone to be at the console when generating packages files to type
> the pgp password. Note that a trojan horse can only be added by a trusted
> user (i.e. the package maintainer or an ftp site maintainer) unless the
> upstream source is compromised.
I would prefer to use the idea of a trusted site (like ftp.debian.org) to
fetch package file MD5 sums from; that way we do not get involved with the
sticky issue of crypto hooks. Automatic PGP signing has at least a few
problems: it requires that a key be placed on master that can be used
automatically by scripts (i.e. insecure), and it requires that the clients
know exactly which key to expect, so changing keys becomes difficult.
We are not very vulnerable to the sort of attacks we have heard of. Someone
could go onto a mirror and change a file and change the Packages
file, but they would have to do that every single day!
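The client-side check the reply above proposes, written out as an added example that is not code from the original thread: a Packages-style list with Filename and MD5sum fields is taken as the trusted site's copy, the mirror is stood in for by an in-memory dictionary of file contents, and every package the trusted list knows about is reported as ok, mismatch or missing. The Packages text and mirror contents are constructed sample data.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed sample of a Packages file as fetched from the trusted site;
# only the fields the check needs are kept.
TRUSTED_PACKAGES = """\
Package: hello
Filename: dists/slink/main/binary-i386/hello_1.3-1.deb
MD5sum: 5d41402abc4b2a76b9719d911017c592

Package: bar
Filename: dists/slink/main/binary-i386/bar_2.0-1.deb
MD5sum: 37b51d194a7513e45b56f6524f2d51f2
"""

# Constructed stand-in for the mirror (path -> bytes); 'bar' has been altered.
MIRROR_FILES: Dict[str, bytes] = {
    "dists/slink/main/binary-i386/hello_1.3-1.deb": b"hello",
    "dists/slink/main/binary-i386/bar_2.0-1.deb": b"altered bar",
}


def parse_packages(text: str) -> Dict[str, str]:
    """Map each Filename in a Packages file to its MD5sum field."""
    sums: Dict[str, str] = {}
    for stanza in text.strip().split("\n\n"):
        fields = dict(line.split(": ", 1) for line in stanza.splitlines() if ": " in line)
        if "Filename" in fields and "MD5sum" in fields:
            sums[fields["Filename"]] = fields["MD5sum"].lower()
    return sums


def verify_mirror(trusted_text: str, mirror: Dict[str, bytes]) -> List[Tuple[str, str]]:
    """Return (filename, verdict) for every file in the trusted list.

    Verdict is 'ok', 'mismatch' or 'missing'; a client would warn on anything
    other than 'ok' and ask the user whether to continue.
    """
    results: List[Tuple[str, str]] = []
    for filename, expected in parse_packages(trusted_text).items():
        data = mirror.get(filename)
        if data is None:
            results.append((filename, "missing"))
        elif hashlib.md5(data).hexdigest() == expected:
            results.append((filename, "ok"))
        else:
            results.append((filename, "mismatch"))
    return results
```

Because the sums come from the trusted site rather than the mirror, an attacker who edits both a .deb and the mirror's own Packages file is still caught, which is the point of the proposal.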