
Re: [RFH] The need for signed packages and signed Releases (long, long)



Florian Weimer <fw@deneb.enyo.de> writes:

> tb@becket.net (Thomas Bushnell, BSG) writes:
> 
> > Florian Weimer <fw@deneb.enyo.de> writes:
> >
> >> Andrew Suffield <asuffield@debian.org> writes:
> >> 
> >> > To be decently secure, you need the target system to refuse to accept
> >> > packages that don't have an acceptable trust path.
> >> 
> >> Have you actually tried to determine whom and which machines you have
> >> to trust implicitly when trusting a particular Debian package?  I
> >> guess this gets really messy pretty soon.
> >
> > I trust auric.
> 
> Ahem, I suppose you trust many more machines, implicitly.  The secure
> distribution of software from the project to the users is just a part
> of the problem.  Actually, it's the easy part, a solution is known and
> has been successfully applied by other organizations.
> 
> The other part (the origin of the package) is the hard one, and things
> get *really* interesting here.  My current feeling tells me that it
> isn't solvable using currently available technology (in particular,
> directly signed packages won't provide complete assurance).

I didn't say "complete assurance".  I said that it would *increase*
confidence considerably.

Notably, a decent signature system (which we can implement now, and I
think we *are*) radically reduces the dependency on lots of other
computers.


