Re: Revival of the signed debs discussion
Matt Zimmerman <mdz@debian.org> writes:
> On Fri, Dec 05, 2003 at 12:24:07AM +0100, Goswin von Brederlow wrote:
>
> > Matt Zimmerman <mdz@debian.org> writes:
> >
> > > Release signing protects against a hostile or compromised mirror,
> > > network, DNS server, proxy server, and a host of other, similar attacks,
> > > and also prevents most forms of the "substitute old, vulnerable
> > > packages" attack.
> >
> > Any compromise happening before the package left ftp-master.d.o is not
> > covered by this. That means that if master is compromised a vulnerable
> > binary can be slipped into the archive and nothing will detect it.
>
> So the only real-world attack which is addressed by signed debs is an
> ftp-master compromise? This is the only answer you have given to my
> original question.
And its a lasting signature.
Currently you can't check the debs in your apt-cache if they are a bit
older. And you can't check snapshot.debian.net for compromises.
MfG
Goswin
Reply to: