
Re: Revival of the signed debs discussion

On Thu, Dec 04, 2003 at 03:58:38PM -0500, Daniel Jacobowitz wrote:

> On Thu, Dec 04, 2003 at 02:41:43PM -0500, Matt Zimmerman wrote:
> > What kind of real world attacks do signed debs prevent?
> > 
> > The only one which comes to mind is a rogue Debian developer that you do
> > not wish to trust, even though the project trusts him.
> Someone pretending to be someone Manoj trusts, offering him a corrupted
> .deb offline?

s/offline/without the corresponding signed metadata/

The advantage would certainly appear to be one of convenience (keeping
everything in one file), rather than security (preventing attacks).

 - mdz
