[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Revival of the signed debs discussion


Werner Koch:
> On Wed, 3 Dec 2003 13:26:02 +0100, Matthias Urlichs said:
> > the local side is supposed to sign should probably be encrypted with the
> > signer's public key, otherwise I can just replace the data packet with
> > something that ends up signing a totally different file. :-/
> And if I do that, I could also sign the file right at the remote
> machine because the (or some) signature key must be available over
> there ;-)
Ouch. You're obviously right. :-/

Matthias Urlichs   |   {M:U} IT Design @ m-u-it.de   |  smurf@smurf.noris.de
Disclaimer: The quote was selected randomly. Really. | http://smurf.noris.de
 - -
The day advanced as if to light some work of mine; it was morning,
and lo! now it is evening, and nothing memorable is accomplished.
		-- H.D. Thoreau

Reply to: