Re: Revival of the signed debs discussion
On Thu, Dec 04, 2003 at 03:03:39AM +0100, Goswin von Brederlow wrote:
> Signed debs establish a trust chain from the buildd to the user and
> from the buildd-admin/maintainer to the user as well as copy the
> existing trust chain from ftp-master to the user into the deb itself.
> The Release.gpg only protects against a mirror being hacked. Checking
> it is important but not as powerful as a signature in the deb.
This sounds backwards.
Release signing protects against a hostile or compromised mirror, network,
DNS server, proxy server, and a host of other, similar attacks, and also
prevents most forms of the "substitute old, vulnerable packages" attack.
What kind of real world attacks do signed debs prevent? Not a compromised
buildd, or a compromised maintainer's workstation.