Re: Revival of the signed debs discussion

To: Scott James Remnant <scott@netsplit.com>
Cc: Debian Developers <debian-devel@lists.debian.org>
Subject: Re: Revival of the signed debs discussion
From: John Goerzen <jgoerzen@complete.org>
Date: Mon, 1 Dec 2003 10:26:39 -0600
Message-id: <[🔎] 20031201162639.GA22407@complete.org>
In-reply-to: <[🔎] 1070294218.31956.26.camel@elite>
References: <[🔎] 8765h0mzk1.fsf@mrvn.homelinux.org> <[🔎] 1070294218.31956.26.camel@elite>

On Mon, Dec 01, 2003 at 03:56:59PM +0000, Scott James Remnant wrote:
> Assuming that level of compromise, there's no recent to suspect that
> they couldn't have free reign adding anything to the archive they
> wanted.  Signed .debs gain you nothing here.

If every .deb must be signed by a developer, and we assume that no
developer leaves secret keys on public machines, then signed .debs does
save the day.

Even if the attacker could place a new keyring file in the archive,
people verifying signatures on signed .debs would not install it, since
it would not have the signature of a developer.

All other attacked debs would also fail to install, since they would not
have the signature of a developer.

Reply to:

Follow-Ups:
- Re: Revival of the signed debs discussion
  - From: Scott James Remnant <scott@netsplit.com>
- Re: Revival of the signed debs discussion
  - From: Andreas Barth <aba@not.so.argh.org>

References:
- Revival of the signed debs discussion
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: Revival of the signed debs discussion
  - From: Scott James Remnant <scott@netsplit.com>

Prev by Date: Re: Revival of the signed debs discussion
Next by Date: Re: Revival of the signed debs discussion
Previous by thread: Re: Revival of the signed debs discussion
Next by thread: Re: Revival of the signed debs discussion
Index(es):
- Date
- Thread