Re: [RFH] The need for signed packages and signed Releases (long, long)
Florian Weimer <fw@deneb.enyo.de> writes:
> tb@becket.net (Thomas Bushnell, BSG) writes:
>
> > Florian Weimer <fw@deneb.enyo.de> writes:
> >
> >> Andrew Suffield <asuffield@debian.org> writes:
> >>
> >> > To be decently secure, you need the target system to refuse to accept
> >> > packages that don't have an acceptable trust path.
> >>
> >> Have you actually tried to determine whom and which machines you have
> >> to trust implicitly when trusting a particular Debian package? I
> >> guess this gets really messy pretty soon.
> >
> > I trust auric.
>
> Ahem, I suppose you trust much more machines, implicitly. The secure
> distribution of software from the project to the users is just a part
> of the problem. Actually, it's the easy part, a solution is known and
> has been sucessfully applied by other organizations.
>
> The other part (the origin of the package) is the hard one, and things
> get *really* interesting here. My current feeling tells me that it
> isn't solvable using currently available technology (in particular,
> directly signed packages won't provide complete assurance).
I didn't say "complete assurance". I said that it would *increase*
confidence considerably.
Notably, a decent signature system (which we can implement now, and I
think we *are*) radically reduces the dependency on lots of other
computers.
Reply to: