Re: https for apt to prevent man in middle transparent proxy mirror attacks?
On Wed, 2004-06-09 at 16:08 +0200, Federico Di Gregorio wrote:
> On Wednesday, 2004/06/09 at 06:44 -0700, Karl Hegbloom wrote:
> > Paranoia department (sign my key; target on my back):
> > What if someone had control of a network who was "not a big Debian fan",
> > or who just wanted to be evil and get trojan horse software onto
> > people's computers for one reason or another? This person sets up the
> > routers so that accesses to the official Debian mirrors are
> > transparently proxied to a mirror they keep, but with certain strategic
> > programs shadowed by their own version, with special patches applied.
> Maybe I simply don't understand, but isn't Packages file signing done
> exactly to avoid such an attack?
Can you please explain how that works?
Karl Hegbloom <email@example.com>