Re: Revival of the signed debs discussion
On Thu, Dec 04, 2003 at 03:58:38PM -0500, Daniel Jacobowitz wrote:
> On Thu, Dec 04, 2003 at 02:41:43PM -0500, Matt Zimmerman wrote:
> > What kind of real world attacks do signed debs prevent?
> > The only one which comes to mind is a rogue Debian developer that you do
> > not wish to trust, even though the project trusts him.
> Someone pretending to be someone Manoj trusts, offering him a corrupted
> .deb offline?
s/offline/without the corresponding signed metadata/
The advantage would certainly appear to be one of convenience (keeping
everything in one file), rather than security (preventing attacks).