[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#540215: Introduce dh_checksums

On Mon, Mar 08, 2010 at 05:59:13PM -0500, Joey Hess wrote:
> Russ Allbery wrote:
> > The missing link, in this validation scenario, is how to get a signed copy
> > of the MD5 checksums of the files in the package.
> That's one missing link. The other one is that there are innumerable
> ways for an attacker to inject bad behavior/backdoors onto a system
> without touching binaries originating from dpkg. 

Signatures don't prevent bugs, they don't prevent trojans, they don't
prevent attacks on SSH. But they let you *detect* attacks. It's not
that easy to install a root kit that hides all changes and you can
always boot from a trusted medium to check your files. Without
signatures, you can't, or at least it a lot harder.

> Expecting debsums to
> protect against any form of attack is bound to result in a false sense
> of security; 

I don't expect that.


Reply to: