Re: Revival of the signed debs discussion
On Thu, Dec 04, 2003 at 12:28:41PM -0600, Manoj Srivastava wrote:
> On Thu, 4 Dec 2003 11:47:50 -0500, Matt Zimmerman <mdz@debian.org> said:
>
> > What kind of real world attacks do signed debs prevent? Not a
> > compromised buildd, or a compromised maintainer's workstation.
>
> It would allow me to copy .debs around with other people, or
> use .debs not made available through the usual chain of security; as
> long as the author hapens to be in my web of trust.
What kind of real world attacks do signed debs prevent?
The only one which comes to mind is a rogue Debian developer that you do not
wish to trust, even though the project trusts him.
--
- mdz
Reply to: