
Secure apt-get


Is there already any feature to run apt-get in a secure way? I mean that it 
installs only TRUSTED packages. I think it is possible to hack a system with 
a man-in-the-middle attack (I am not a hacker, don't know if this is 
technically possible). If I am installing/downloading e.g. joe from 
ftp.debian.org and a hacker between me and this server gives me a HACKED 
package with a postinst changing the root password or something like that, I 
am doomed. It would be a very nice feature if I could give apt-get a parameter 
so it checks the signatures of downloaded packages (I know, currently they don't 
have signatures) and refuses the installation if the signature is unknown. A 
basic set of public keys (debian-keyring) must be included in the Debian 
base package. Is something like that already possible (I don't think so, 
because there are no signatures in the packages) or do you think it's a good 
idea for the future? Or was it already discussed?

