No Cc was necessary, I am subscribed to debian-devel. On Mon, 2003-12-01 at 16:26, John Goerzen wrote: > On Mon, Dec 01, 2003 at 03:56:59PM +0000, Scott James Remnant wrote: > > Assuming that level of compromise, there's no recent to suspect that > > they couldn't have free reign adding anything to the archive they > > wanted. Signed .debs gain you nothing here. > > If every .deb must be signed by a developer, and we assume that no > developer leaves secret keys on public machines, then signed .debs does > save the day. > How? > Even if the attacker could place a new keyring file in the archive, > people verifying signatures on signed .debs would not install it, since > it would not have the signature of a developer. > What defines "the signature of a developer"? That their key is in the keyring, so if a hax0r decided to comprise our keyring and add a key to it, there'd be no way to tell that it wasn't a developer's key. Scott -- Have you ever, ever felt like this? Had strange things happen? Are you going round the twist?
Description: This is a digitally signed message part