
Re: Secure apt-get



Hi,

> The problem with signing packages is that you can't trust a computer
> to do it for obvious reasons (like building/installation of packages
> being done as root).
> And a person signing packages would hold up uploads for ages.

Well, I am new to Debian, maybe I am missing something, but... The *.dsc
containing the checksums for the source files are already signed by the
maintainers. What about doing the same with the binary packages? apt-get can
download both files (signed checksum file and binary package) and can check
the signature.


> strict routing and there's hardly anyone in the middle. The data comes
> from your isp to your router to your system. If you don't trust your
> router, your fault. If you don't trust your ISP, bad.

I trust my provider that he is not hacking me but I don't trust my provider 
that he is secured enough to prevent being hacked.


> If someone really wants to give you false packages, he can just look
> over your shoulder for your root passwd instead of hacking into your
> ISP to be man in the middle.

I don't agree with that. I can do something to prevent a spy behind me, but
how can I prevent my ISP from being hacked? Yes, maybe I am paranoid...


> By the way, how do you know that the debian keyring is what it claims
> to be? 

Good point. But I am not THAT paranoid. But if I am REALLY paranoid I have to 
phone-check a lot of fingerprints or do other paranoid things ;-) 

I think there are some nice ways to distribute the keyring securely and
guarantee that it is valid and not compromised.

-- 
Bye
K


