Re: A Look In the Mirror: Attacks on Package Managers

To: debian-devel@lists.debian.org
Subject: Re: A Look In the Mirror: Attacks on Package Managers
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Sun, 6 Jun 2010 14:58:10 +1000
Message-id: <[🔎] 20100606145810.2ea1ad40.erikd@mega-nerd.com>
Reply-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20100606003753.f701e457.michael.s.gilbert@gmail.com>
References: <[🔎] 20100606122827.acb09dd5.mle+debian@mega-nerd.com> <[🔎] 20100606003753.f701e457.michael.s.gilbert@gmail.com>

Michael Gilbert wrote:

> Of course the major flaw with this statement is that there aren't a
> whole these "proactive" users.  However, if there are enough, some will
> spot the activity, and raise concern, which will ultimately protect
> others when the evil mirror is shut down.

Ok, my concerns over this have been assuaged somewhat. However, I still
think that having the package management software more secure by default
might still be better than relying on proactive users.

Erik
-- 
----------------------------------------------------------------------
Erik de Castro Lopo
http://www.mega-nerd.com/

Reply to:

Follow-Ups:
- Re: A Look In the Mirror: Attacks on Package Managers
  - From: Russ Allbery <rra@debian.org>

References:
- A Look In the Mirror: Attacks on Package Managers
  - From: Erik de Castro Lopo <mle+debian@mega-nerd.com>
- Re: A Look In the Mirror: Attacks on Package Managers
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

Prev by Date: Re: A Look In the Mirror: Attacks on Package Managers
Next by Date: Bug#584729: ITP: libpackage-stash-perl -- Perl module providing routines for manipulating stashes
Previous by thread: Re: A Look In the Mirror: Attacks on Package Managers
Next by thread: Re: A Look In the Mirror: Attacks on Package Managers
Index(es):
- Date
- Thread