Re: Revival of the signed debs discussion
On Tue, Dec 02, 2003 at 11:07:53AM +0100, Andreas Barth wrote:
> > The canoical attack against signed debs in this situation is to find a
> > signed deb on snapshot.debian.net that contains a known security hole.
> To avoid this attack, it is necessary that the filename of the deb or
> the version of the package is also signed.
The filename is pretty much irrlevant to tools everywhere; I don't see
any benefit in mucking with that. Besides, it can get altered along the
Since the version of the package is part of the control file, and
debsigs signs the control data along with the package contents, the
version is already protected by debsigs.