[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: https for apt to prevent man in middle transparent proxy mirror attacks?

Lì mercoledì, 2004/06/09 alle 06:44, -0700, Karl Hegbloom ha scritto:
> Paranoia department (sign my key; target on my back):
> What if someone had control of a network who was "not a big Debian fan",
> or who just wanted to be evil and get trojan horse software onto
> people's computers for one reason or another.  This person sets up the
> routers so that accesses to the official Debian mirrors are
> transparently proxied to a mirror they keep, but with certain strategic
> programs shadowed by their own version, with special patches applied.

maybe i simply don't understand, but isn't Packages file signing done
exactly to avoid such an attack?


Federico Di Gregorio                         http://people.initd.org/fog
Debian GNU/Linux Developer                                fog@debian.org
INIT.D Developer                                           fog@initd.org
  We are all dust, Saqi, so play the lute
                    We are all wind, Saqi, so bring wine. -- Omar Khayam

Attachment: signature.asc
Description: Questa parte del messaggio =?ISO-8859-1?Q?=E8?= firmata

Reply to: