On Thu, Nov 24, 2005 at 03:48:15PM +1000, Anthony Towns wrote: > On Thu, Nov 24, 2005 at 02:31:22PM +1100, Matthew Palmer wrote: > > I think the final judgment in this issue is going to come down to personal > > taste and needs more than anything else. > > That's fine for personal repositories, it's not sufficient for Debian's > archive. Well, I think that personal taste is sufficient for Debian's archive, and it seems obvious that Those In The Know have decided that they prefer one taste over another. <grin> > > > > At the very least, though, I can't find a hole which makes binary package > > > > signatures, done properly, any less secure than per-archive signing. > > > That's easy: you trust the Packages file to be correct when using apt, > > > and it's not verified at all by per-package signatures. > > That's a good point. However, what damage can be done with a bodgy Packages > > file, if only well-signed .debs are actually accepted for installation on > > the system? > > Add a "Depends: some-random-package" that you know has a security hole > to dpkg's entry in the Packages and it'll be automatically installed by > apt. You're a lot more devious than I am, AJ, as I'd never considered these possibilities. > > > Hrm, I see queue/done (which contains .changes files going back to the > > > dark ages) isn't even being mirrored to merkel properly at the moment. > > > That's not so constructive. > > Is there a publically accessable form of queue/done somewhere that people > > can download the .changes files from? > > No, there isn't anything, apparently the mirroring to merkel got disabled > due to the inode usage / rsync time. There's some 700k odd changes > files. Ouch. rsync must be *loving* those. - Matt
Attachment:
signature.asc
Description: Digital signature