Re: Secure apt-get

To: debian-devel@lists.debian.org
Subject: Re: Secure apt-get
From: Bernd Eckenfels <lists@lina.inka.de>
Date: Sat, 20 Jan 2001 01:00:29 +0100
Message-id: <[🔎] 20010120010029.A2511@lina.inka.de>
In-reply-to: <[🔎] 20010119123039.A1668@pinguin.subspace.exe>; from Ingo.Saitz@stud.uni-hannover.de on Fri, Jan 19, 2001 at 12:30:40PM +0100
References: <[🔎] 01011819481401.00676@neo> <[🔎] 87itnc1q9f.fsf@mose.informatik.uni-tuebingen.de> <[🔎] 20010119123039.A1668@pinguin.subspace.exe>

On Fri, Jan 19, 2001 at 12:30:40PM +0100, Ingo Saitz wrote:
> > strict routing and theres hardly anyone in the middle. The data comes
> > from your isp to your router to your system. If you don't trust your
> > router, your fault. If you don't trust your ISP, bad.
> 
> How about those routers hacked if they are maintained badly?

A bigger problem are hacked Mirrors. Therefore some kind of Signature is
required even on binary packets.

and we should allow multiple signatures. That way every package can have the
signature of the builder, the ftp-master installer and maybe even from a
local admin or a distributor who wants to certify the package aproved for
usage.

greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!

Reply to:

Follow-Ups:
- Re: Secure apt-get
  - From: Jason Gunthorpe <jgg@debian.org>

References:
- Secure apt-get
  - From: Klaus Reimer <kay@debian.org>
- Re: Secure apt-get
  - From: Goswin Brederlow <goswin.brederlow@student.uni-tuebingen.de>
- Re: Secure apt-get
  - From: Ingo Saitz <Ingo.Saitz@stud.uni-hannover.de>

Prev by Date: ssh message?
Next by Date: Re: MAKEDEV bug?
Previous by thread: Re: Secure apt-get
Next by thread: Re: Secure apt-get
Index(es):
- Date
- Thread