[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Secure apt-get

On Fri, Jan 19, 2001 at 12:30:40PM +0100, Ingo Saitz wrote:
> > strict routing and theres hardly anyone in the middle. The data comes
> > from your isp to your router to your system. If you don't trust your
> > router, your fault. If you don't trust your ISP, bad.
> How about those routers hacked if they are maintained badly?

A bigger problem are hacked Mirrors. Therefore some kind of Signature is
required even on binary packets.

and we should allow multiple signatures. That way every package can have the
signature of the builder, the ftp-master installer and maybe even from a
local admin or a distributor who wants to certify the package aproved for

  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!

Reply to: