Re: Revival of the signed debs discussion

On Thu, Dec 04, 2003 at 03:03:39AM +0100, Goswin von Brederlow wrote:

> Signed debs establish a trust chain from the buildd to the user and
> from the buildd-admin/maintainer to the user as well as copy the
> existing trust chain from ftp-master to the user into the deb itself.
> The Release.gpg only protects against a mirror being hacked. Checking
> it is important but not as powerful as a signature in the deb.

This sounds backwards.

Release signing protects against a hostile or compromised mirror, network,
DNS server, proxy server, and a host of other, similar attacks, and also
prevents most forms of the "substitute old, vulnerable packages" attack.

What kind of real world attacks do signed debs prevent?  Not a compromised
buildd, or a compromised maintainer's workstation.

 - mdz

