Re: Revival of the signed debs discussion

To: Henning Makholm <henning@makholm.net>
Cc: Anthony DeRobertis <asd@suespammers.org>, debian-devel@lists.debian.org
Subject: Re: Revival of the signed debs discussion
From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
Date: 06 Dec 2003 20:56:07 +0100
Message-id: <[🔎] 87ekvhaffs.fsf@mrvn.homelinux.org>
In-reply-to: <[🔎] 87ptf2dv06.fsf@kreon.lan.henning.makholm.net>
References: <[🔎] 20031202144535.GA18163@kitenet.net> <[🔎] E1ARDy4-0000m0-LO@mid.downhill.at.eu.org> <[🔎] 20031202194241.GC22593@kitenet.net> <[🔎] 87fzg2hcx6.fsf@mrvn.homelinux.org> <[🔎] 20031203023731.GA582@dijkstra.csh.rit.edu> <[🔎] 87ptf6focp.fsf@mrvn.homelinux.org> <[🔎] 20031203190216.GH582@dijkstra.csh.rit.edu> <[🔎] 87u14hcpac.fsf@mrvn.homelinux.org> <[🔎] 20031204164750.GG582@dijkstra.csh.rit.edu> <[🔎] 878yls77za.fsf@glaurung.green-gryphon.com> <[🔎] 20031204194143.GR582@dijkstra.csh.rit.edu> <[🔎] 87d6b34mjf.fsf@glaurung.green-gryphon.com> <[🔎] 1070647822.16250.12.camel@bohr.local> <[🔎] 87d6b2bobz.fsf@mrvn.homelinux.org> <[🔎] 87ptf2dv06.fsf@kreon.lan.henning.makholm.net>

Henning Makholm <henning@makholm.net> writes:

> Scripsit Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
> 
> > If a package is compromised we can proof that the DD of the package
> > either is malicious or incompetent.
> 
> Say, we just had a major compromise on certain Debian machines. Pray
> tell, who do you think this proves is malicious or incompetent? We'd
> certainly want to toss out the culprit ASAP.

Say master gets compromised. I don't realy care, the deb signature of
the maintainer and buildds is still preventing any tampering. Each
signature adds another gpg key that has to be compromised to tamper
with exiting debs.

MfG
        Goswin

Reply to:

References:
- Re: Revival of the signed debs discussion
  - From: Joey Hess <joeyh@debian.org>
- Re: Revival of the signed debs discussion
  - From: Andreas Metzler <ametzler@downhill.at.eu.org>
- Re: Revival of the signed debs discussion
  - From: Joey Hess <joeyh@debian.org>
- Re: Revival of the signed debs discussion
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: Revival of the signed debs discussion
  - From: Matt Zimmerman <mdz@debian.org>
- Re: Revival of the signed debs discussion
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: Revival of the signed debs discussion
  - From: Matt Zimmerman <mdz@debian.org>
- Re: Revival of the signed debs discussion
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: Revival of the signed debs discussion
  - From: Matt Zimmerman <mdz@debian.org>
- Re: Revival of the signed debs discussion
  - From: Manoj Srivastava <srivasta@debian.org>
- Re: Revival of the signed debs discussion
  - From: Matt Zimmerman <mdz@debian.org>
- Re: Revival of the signed debs discussion
  - From: Manoj Srivastava <srivasta@debian.org>
- Re: Revival of the signed debs discussion
  - From: Anthony DeRobertis <asd@suespammers.org>
- Re: Revival of the signed debs discussion
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: Revival of the signed debs discussion
  - From: Henning Makholm <henning@makholm.net>

Prev by Date: Re: uploading problems and massive email floods
Next by Date: Re: Building Debian Completely From Source
Previous by thread: Re: Revival of the signed debs discussion
Next by thread: Re: Revival of the signed debs discussion
Index(es):
- Date
- Thread