[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Revival of the signed debs discussion

Matt Zimmerman <mdz@debian.org> writes:

> On Fri, Dec 05, 2003 at 12:24:07AM +0100, Goswin von Brederlow wrote:
> > Matt Zimmerman <mdz@debian.org> writes:
> > 
> > > Release signing protects against a hostile or compromised mirror,
> > > network, DNS server, proxy server, and a host of other, similar attacks,
> > > and also prevents most forms of the "substitute old, vulnerable
> > > packages" attack.
> > 
> > Any compromise happening before the package left ftp-master.d.o is not
> > covered by this. That means that if master is compromised a vulnerable
> > binary can be slipped into the archive and nothing will detect it.
> So the only real-world attack which is addressed by signed debs is an
> ftp-master compromise?  This is the only answer you have given to my
> original question.

And its a lasting signature.

Currently you can't check the debs in your apt-cache if they are a bit
older. And you can't check snapshot.debian.net for compromises.


Reply to: