Re: Revival of the signed debs discussion
On Fri, Dec 05, 2003 at 12:24:07AM +0100, Goswin von Brederlow wrote:
> Matt Zimmerman <email@example.com> writes:
> > Release signing protects against a hostile or compromised mirror,
> > network, DNS server, proxy server, and a host of other, similar attacks,
> > and also prevents most forms of the "substitute old, vulnerable
> > packages" attack.
> Any compromise happening before the package left ftp-master.d.o is not
> covered by this. That means that if master is compromised a vulnerable
> binary can be slipped into the archive and nothing will detect it.
So the only real-world attack which is addressed by signed debs is an
ftp-master compromise? This is the only answer you have given to my