Re: Packages and signatures

To: debian-devel@lists.debian.org
Subject: Re: Packages and signatures
From: Nicolás Lichtmaier <nick@debian.org>
Date: Mon, 22 Jan 2001 23:21:58 -0300
Message-id: <[🔎] 20010122232158.D1477@debian.org>
In-reply-to: <[🔎] 20010121191524.A1119@cistron.nl>; from wichert@cistron.nl on Sun, Jan 21, 2001 at 07:15:24PM +0800
References: <[🔎] 01011819481401.00676@neo> <[🔎] 87itnc1q9f.fsf@mose.informatik.uni-tuebingen.de> <[🔎] 20010118234810.C1214@debian.org> <[🔎] 20010121191524.A1119@cistron.nl>

> >  Again with different words: A key used by "dinstall" (or whatever its name
> > is now) will have the same degree of security/trust that packages that are
> > now built with it.
> 
> No, it has a much larger impact. I'll leave it to you to figure out
> exactly why :)

 The only way somebody could access the key is by compromising the machine,
and by doing so the attacker could leave a hacked dinstall that would do
whatever the attacker wants... Where is the flaw in my reasoning?

Reply to:

Follow-Ups:
- Re: Packages and signatures
  - From: Bernd Eckenfels <lists@lina.inka.de>

References:
- Secure apt-get
  - From: Klaus Reimer <kay@debian.org>
- Re: Secure apt-get
  - From: Goswin Brederlow <goswin.brederlow@student.uni-tuebingen.de>
- Packages and signatures
  - From: Nicolás Lichtmaier <nick@debian.org>
- Re: Packages and signatures
  - From: Wichert Akkerman <wichert@cistron.nl>

Prev by Date: Re: Using XML to handle all configuration files
Next by Date: Kernel 2.4, Potato, and Quota
Previous by thread: Re: Packages and signatures
Next by thread: Re: Packages and signatures
Index(es):
- Date
- Thread