Re: Revival of the signed debs discussion

To: debian-devel@lists.debian.org
Subject: Re: Revival of the signed debs discussion
From: Manoj Srivastava <srivasta@debian.org>
Date: Thu, 04 Dec 2003 12:28:41 -0600
Message-id: <[🔎] 878yls77za.fsf@glaurung.green-gryphon.com>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20031204164750.GG582@dijkstra.csh.rit.edu> (Matt Zimmerman's message of "Thu, 4 Dec 2003 11:47:50 -0500")
References: <[🔎] 20031201235436.GC2936@kitenet.net> <[🔎] 87ad6bkfev.fsf@mrvn.homelinux.org> <[🔎] 20031202144535.GA18163@kitenet.net> <[🔎] E1ARDy4-0000m0-LO@mid.downhill.at.eu.org> <[🔎] 20031202194241.GC22593@kitenet.net> <[🔎] 87fzg2hcx6.fsf@mrvn.homelinux.org> <[🔎] 20031203023731.GA582@dijkstra.csh.rit.edu> <[🔎] 87ptf6focp.fsf@mrvn.homelinux.org> <[🔎] 20031203190216.GH582@dijkstra.csh.rit.edu> <[🔎] 87u14hcpac.fsf@mrvn.homelinux.org> <[🔎] 20031204164750.GG582@dijkstra.csh.rit.edu>

On Thu, 4 Dec 2003 11:47:50 -0500, Matt Zimmerman <mdz@debian.org> said: 

> What kind of real world attacks do signed debs prevent?  Not a
> compromised buildd, or a compromised maintainer's workstation.

	It would allow me to copy .debs around with other people, or
 use .debs not made available through the usual chain of security; as
 long as the author hapens to be in my web of trust.

	manoj
-- 
When the going gets weird, the weird turn pro. Hunter S. Thompson
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to:

Follow-Ups:
- Re: Revival of the signed debs discussion
  - From: Matt Zimmerman <mdz@debian.org>

References:
- Re: Revival of the signed debs discussion
  - From: Joey Hess <joeyh@debian.org>
- Re: Revival of the signed debs discussion
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: Revival of the signed debs discussion
  - From: Joey Hess <joeyh@debian.org>
- Re: Revival of the signed debs discussion
  - From: Andreas Metzler <ametzler@downhill.at.eu.org>
- Re: Revival of the signed debs discussion
  - From: Joey Hess <joeyh@debian.org>
- Re: Revival of the signed debs discussion
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: Revival of the signed debs discussion
  - From: Matt Zimmerman <mdz@debian.org>
- Re: Revival of the signed debs discussion
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: Revival of the signed debs discussion
  - From: Matt Zimmerman <mdz@debian.org>
- Re: Revival of the signed debs discussion
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: Revival of the signed debs discussion
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Re: Debian packages and freedesktop.org (Gnome, KDE, etc) menu entries
Next by Date: Re: Backport of the integer overflow in the brk system call
Previous by thread: Re: Revival of the signed debs discussion
Next by thread: Re: Revival of the signed debs discussion
Index(es):
- Date
- Thread