[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: crypto support in potato

> > I think the installation process should offer users the option to
> > automatically network-install with apt the packages in non-US.
> Isn't this bass-ackwards?  Youre using the network to get packages to make
> your system secure?  Isn't the best way to disconnect your "virgin" box
> from the net, install crypto packages, and then only put it on the net
> once you've checked out everything to make sure it meets your standards?
> Crack attempts can start from the instant a box is put on the network.
> Sure, allowing network-install with apt might be seen as a step in that
> direction, and if you're going to network-install anyway, it's better
> than nothing.  So I'm not throwing cold water on the idea.  I think it
> would be a *better* idea to have an optional "secure" base install disk
> set.  If the US ever loses its arcane crypto laws, this "optional" set
> could become the default.

 If you are referring to the risk of man-in-the middle with packages that's
nonsense. The fileutils package (or any other package) can make a security
hole in your system just as well.
 What we need is pgp signatures for .debs.

Reply to: