Re: Revival of the signed debs discussion

To: debian-devel@lists.debian.org
Subject: Re: Revival of the signed debs discussion
From: Matt Zimmerman <mdz@debian.org>
Date: Thu, 4 Dec 2003 11:47:50 -0500
Message-id: <[🔎] 20031204164750.GG582@dijkstra.csh.rit.edu>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 87u14hcpac.fsf@mrvn.homelinux.org>
References: <[🔎] 20031201235436.GC2936@kitenet.net> <[🔎] 87ad6bkfev.fsf@mrvn.homelinux.org> <[🔎] 20031202144535.GA18163@kitenet.net> <[🔎] E1ARDy4-0000m0-LO@mid.downhill.at.eu.org> <[🔎] 20031202194241.GC22593@kitenet.net> <[🔎] 87fzg2hcx6.fsf@mrvn.homelinux.org> <[🔎] 20031203023731.GA582@dijkstra.csh.rit.edu> <[🔎] 87ptf6focp.fsf@mrvn.homelinux.org> <[🔎] 20031203190216.GH582@dijkstra.csh.rit.edu> <[🔎] 87u14hcpac.fsf@mrvn.homelinux.org>

On Thu, Dec 04, 2003 at 03:03:39AM +0100, Goswin von Brederlow wrote:

> Signed debs establish a trust chain from the buildd to the user and
> from the buildd-admin/maintainer to the user as well as copy the
> existing trust chain from ftp-master to the user into the deb itself.
> 
> The Release.gpg only protects against a mirror being hacked. Checking
> it is important but not as powerfull as a signature in the deb.

This sounds backwards.

Release signing protects against a hostile or compromised mirror, network,
DNS server, proxy server, and a host of other, similar attacks, and also
prevents most forms of the "substitute old, vulnerable packages" attack.

What kind of real world attacks do signed debs prevent?  Not a compromised
buildd, or a compromised maintainer's workstation.

-- 
 - mdz

Reply to:

Follow-Ups:
- Re: Revival of the signed debs discussion
  - From: Manoj Srivastava <srivasta@debian.org>
- Re: Revival of the signed debs discussion
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>

References:
- Re: Revival of the signed debs discussion
  - From: Joey Hess <joeyh@debian.org>
- Re: Revival of the signed debs discussion
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: Revival of the signed debs discussion
  - From: Joey Hess <joeyh@debian.org>
- Re: Revival of the signed debs discussion
  - From: Andreas Metzler <ametzler@downhill.at.eu.org>
- Re: Revival of the signed debs discussion
  - From: Joey Hess <joeyh@debian.org>
- Re: Revival of the signed debs discussion
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: Revival of the signed debs discussion
  - From: Matt Zimmerman <mdz@debian.org>
- Re: Revival of the signed debs discussion
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: Revival of the signed debs discussion
  - From: Matt Zimmerman <mdz@debian.org>
- Re: Revival of the signed debs discussion
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>

Prev by Date: Re: debsums for maintainer scripts
Next by Date: Re: debsums for maintainer scripts
Previous by thread: Re: Revival of the signed debs discussion
Next by thread: Re: Revival of the signed debs discussion
Index(es):
- Date
- Thread