Re: Revival of the signed debs discussion

To: Andreas Barth <aba@not.so.argh.org>, debian-devel@lists.debian.org
Subject: Re: Revival of the signed debs discussion
From: John Goerzen <jgoerzen@complete.org>
Date: Tue, 2 Dec 2003 08:28:37 -0600
Message-id: <[🔎] 20031202142837.GC17732@complete.org>
In-reply-to: <[🔎] 20031202100753.GB3756@mails.so.argh.org>
References: <[🔎] 8765h0mzk1.fsf@mrvn.homelinux.org> <[🔎] 20031201235436.GC2936@kitenet.net> <[🔎] 20031202100753.GB3756@mails.so.argh.org>

On Tue, Dec 02, 2003 at 11:07:53AM +0100, Andreas Barth wrote:
> > The canoical attack against signed debs in this situation is to find a
> > signed deb on snapshot.debian.net that contains a known security hole.
> 
> To avoid this attack, it is necessary that the filename of the deb or
> the version of the package is also signed.

The filename is pretty much irrlevant to tools everywhere; I don't see
any benefit in mucking with that.  Besides, it can get altered along the
way.

Since the version of the package is part of the control file, and
debsigs signs the control data along with the package contents, the
version is already protected by debsigs.

-- John

Reply to:

References:
- Revival of the signed debs discussion
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: Revival of the signed debs discussion
  - From: Joey Hess <joeyh@debian.org>
- Re: Revival of the signed debs discussion
  - From: Andreas Barth <aba@not.so.argh.org>

Prev by Date: Re: apt-rpm article -- the features we don't have
Next by Date: Re: Bits from the RM
Previous by thread: Re: Revival of the signed debs discussion
Next by thread: Re: Revival of the signed debs discussion
Index(es):
- Date
- Thread