[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages and signatures

On Sun, Jan 28, 2001 at 09:59:14PM +0100, Tollef Fog Heen wrote:

> * Matt Zimmerman 
> 
> | A CD vendor presses a CD using the contents of the archive at time X, and the
> | archive is compromised at X+k.  The CD vendor does not need to worry about his
> | CD contents.
> 
> You do not always know when a compromise takes place - you just find
> out that somebody has rooted you.  In which case one cannot know for
> sure which packages are ok and which aren't.

Are you saying that if a compromise were discovered tomorrow, new potato CDs
would have to be made?

In my experience, it is nearly always possible to determine (with a certain
margin of error) the date on which a compromise occurred.

-- 
 - mdz
Reply to: