
Re: Secure apt-get



>>>>> "Arthur" == Arthur Korn <arthur@korn.ch> writes:

    Arthur> And how will users be able to trust all of them? (assuming
    Arthur> maintainers sign packages they built themselves).

well... end-users already trust them.

The only thing is that they are currently checked by "dinstall" and
not by the end user.


So, the end user trusts that

1. the binary package is the same one installed by dinstall (assumes
mirrors have not altered the file, etc).

2. that dinstall checked the signature properly without messing up
(assumes dinstall has not been tampered with).

3. that the public dinstall checked the package against the correct
key[1].

4. that the binary package uploaded is from the source package
without any alterations (source-only uploads might help?).


I think solving all 3 (from the end user's perspective), like you say,
might be difficult. However, I think solving just 1 would be a
significant gain in security.


Note:
[1] people in the past have argued against signing all Debian
developers keys by a central Debian master key (what would happen
if the corresponding private key gets lost or stolen?), but I would
counter-argue that using them in such a manner implies that Debian
trusts the key anyway. This is even though the key may not
have been checked properly by Debian administrators.
-- 
Brian May <bam@debian.org>
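The four trust steps listed in the message above map onto a verification chain an end user can run given nothing but the archive's public key. The following Python is an added example, not code from this message, from apt or from Debian: it assumes a simplified one-line-per-entry Release/Packages format, constructed package contents, and uses a Lamport one-time signature as a stand-in for the OpenPGP signature so that it runs with the standard library alone. It shows why step 1 can be closed on the user's side: a mirror can replace the .deb, rewrite the index to match, and rewrite the Release file to match the index, but it cannot produce a signature over the altered Release without the archive's private key. Steps 2 to 4 (what dinstall itself checked before signing) remain a matter of trusting the signer.

```python
import hashlib

H = hashlib.sha256


def _bit(digest: bytes, i: int) -> int:
    """Bit i (most significant first) of a 32-byte digest."""
    return (digest[i // 8] >> (7 - i % 8)) & 1


# --- Stand-in signature scheme (assumption: Lamport one-time signatures
# instead of OpenPGP, so the example needs only the standard library) ---

def lamport_keygen(seed: bytes):
    """Deterministic key pair; the seed is only for a reproducible demo.
    A real private key would come from os.urandom and be used once."""
    sk = [[H(seed + i.to_bytes(2, "big") + bytes([b])).digest() for b in (0, 1)]
          for i in range(256)]
    pk = [[H(x).digest() for x in pair] for pair in sk]
    return sk, pk


def lamport_sign(sk, msg: bytes) -> list:
    d = H(msg).digest()
    return [sk[i][_bit(d, i)] for i in range(256)]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    d = H(msg).digest()
    return all(H(sig[i]).digest() == pk[i][_bit(d, i)] for i in range(256))


# --- Archive side: what dinstall publishes (simplified Release/Packages format) ---

def build_packages_index(debs: dict) -> bytes:
    """One 'filename sha256 size' line per .deb (constructed, not the real syntax)."""
    lines = [f"{name} {H(data).hexdigest()} {len(data)}" for name, data in sorted(debs.items())]
    return ("\n".join(lines) + "\n").encode()


def build_release(packages_index: bytes) -> bytes:
    """Release-style file naming the hash of the Packages index."""
    return f"Packages {H(packages_index).hexdigest()} {len(packages_index)}\n".encode()


def dinstall_publish(sk, debs: dict) -> dict:
    """Only the Release file is signed; everything else is reached through hashes."""
    packages = build_packages_index(debs)
    release = build_release(packages)
    return {"Release": release, "Release.sig": lamport_sign(sk, release),
            "Packages": packages, **debs}


# --- Client side: the end user, holding only the archive public key ---

def parse_hashes(index: bytes) -> dict:
    out = {}
    for line in index.decode().splitlines():
        name, digest, size = line.split()
        out[name] = (digest, int(size))
    return out


def verify_download(pk, mirror: dict, filename: str) -> str:
    """Return 'ok' or the first link of the chain that breaks.
    Only pk is trusted; every file served by `mirror` is attacker-controlled."""
    release = mirror["Release"]
    if not lamport_verify(pk, release, mirror["Release.sig"]):
        return "bad Release signature"
    packages = mirror["Packages"]
    if (H(packages).hexdigest(), len(packages)) != parse_hashes(release)["Packages"]:
        return "Packages index does not match signed Release"
    entries = parse_hashes(packages)
    if filename not in entries:
        return "package not listed in index"
    data = mirror[filename]
    if (H(data).hexdigest(), len(data)) != entries[filename]:
        return "package does not match index"
    return "ok"


def demo() -> dict:
    """Honest mirror plus three tampering attempts; returns each verdict."""
    sk, pk = lamport_keygen(b"demo archive key seed")  # user is assumed to hold pk already
    debs = {"hello_1.0_i386.deb": b"constructed hello package contents",
            "vim_5.7_i386.deb": b"constructed vim package contents"}
    honest = dinstall_publish(sk, debs)
    results = {"honest": verify_download(pk, honest, "hello_1.0_i386.deb")}

    evil = b"constructed backdoored hello package"
    m1 = dict(honest, **{"hello_1.0_i386.deb": evil})      # swap the .deb only
    m2 = dict(m1, Packages=build_packages_index(dict(debs, **{"hello_1.0_i386.deb": evil})))
    m3 = dict(m2, Release=build_release(m2["Packages"]))   # cannot re-sign without sk
    results["swapped_deb"] = verify_download(pk, m1, "hello_1.0_i386.deb")
    results["swapped_deb_and_index"] = verify_download(pk, m2, "hello_1.0_i386.deb")
    results["swapped_everything_but_signature"] = verify_download(pk, m3, "hello_1.0_i386.deb")
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:36} {verdict}")
```

The verdicts come out as "ok", "package does not match index", "Packages index does not match signed Release" and "bad Release signature" in that order: each layer the mirror rewrites moves the failure one link up the chain until it reaches the signature, which the mirror cannot forge. Note that the size is checked alongside the hash and that the .deb is only accepted if the index lists it, so a mirror cannot serve an unlisted file under a known name.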