[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Revival of the signed debs discussion

Goswin von Brederlow wrote:
> > dpkg that it is downgrading the package, and a clever attacker might
> > avoid even that.
> How would you avoid it?

Make the replacement package really be a different package entirely, of
a higher version than the package it purports to replace.

I think aj had some more examples along these lines the last time this
came up.

see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to: