[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Revival of the signed debs discussion

No Cc was necessary, I am subscribed to debian-devel.

On Mon, 2003-12-01 at 16:26, John Goerzen wrote:

> On Mon, Dec 01, 2003 at 03:56:59PM +0000, Scott James Remnant wrote:
> > Assuming that level of compromise, there's no recent to suspect that
> > they couldn't have free reign adding anything to the archive they
> > wanted.  Signed .debs gain you nothing here.
> If every .deb must be signed by a developer, and we assume that no
> developer leaves secret keys on public machines, then signed .debs does
> save the day.

> Even if the attacker could place a new keyring file in the archive,
> people verifying signatures on signed .debs would not install it, since
> it would not have the signature of a developer.
What defines "the signature of a developer"?  That their key is in the
keyring, so if a hax0r decided to comprise our keyring and add a key to
it, there'd be no way to tell that it wasn't a developer's key.

Have you ever, ever felt like this?
Had strange things happen?  Are you going round the twist?

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: