Re: [RFH] The need for signed packages and signed Releases (long, long)
tb@becket.net (Thomas Bushnell, BSG) writes:
> Florian Weimer <fw@deneb.enyo.de> writes:
>
>> Andrew Suffield <asuffield@debian.org> writes:
>>
>> > To be decently secure, you need the target system to refuse to accept
>> > packages that don't have an acceptable trust path.
>>
>> Have you actually tried to determine whom and which machines you have
>> to trust implicitly when trusting a particular Debian package? I
>> guess this gets really messy pretty soon.
>
> I trust auric.

Ahem, I suppose you trust many more machines, implicitly. The secure
distribution of software from the project to the users is just a part
of the problem. Actually, it's the easy part; a solution is known and
has been successfully applied by other organizations.

The other part (the origin of the package) is the hard one, and things
get *really* interesting here. My current feeling tells me that it
isn't solvable using currently available technology (in particular,
directly signed packages won't provide complete assurance).