Re: A Look In the Mirror: Attacks on Package Managers

To: debian-devel@lists.debian.org
Subject: Re: A Look In the Mirror: Attacks on Package Managers
From: Peter Palfrader <weasel@debian.org>
Date: Sun, 6 Jun 2010 11:14:45 +0200
Message-id: <[🔎] 20100606091445.GM14088@anguilla.noreply.org>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 87631wy335.fsf@mid.deneb.enyo.de>
References: <[🔎] 20100606122827.acb09dd5.mle+debian@mega-nerd.com> <[🔎] 20100606003753.f701e457.michael.s.gilbert@gmail.com> <[🔎] AANLkTin08k1OAM2-qBnqqMUNuNF6_FVmX6-_7mjyGDCB@mail.gmail.com> <[🔎] 87631wy335.fsf@mid.deneb.enyo.de>

On Sun, 06 Jun 2010, Florian Weimer wrote:

> You'd have to fetch the root metadata from a trusted server over
> something like HTTPS (that is, something with authentication and a
> challange-response component built in).

That wouldn't be a stupid design at all.  It would also allow that root
metadata server to suggest mirrors to the client for downloading the
rest.

Cheers,
weasel
-- 
                           |  .''`.  ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/

Reply to:

References:
- A Look In the Mirror: Attacks on Package Managers
  - From: Erik de Castro Lopo <mle+debian@mega-nerd.com>
- Re: A Look In the Mirror: Attacks on Package Managers
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>
- Re: A Look In the Mirror: Attacks on Package Managers
  - From: Fernando Lemos <fernandotcl@gmail.com>
- Re: A Look In the Mirror: Attacks on Package Managers
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: A Look In the Mirror: Attacks on Package Managers
Next by Date: Re: how to help end-users to increase the life-time of their SSDs
Previous by thread: Re: A Look In the Mirror: Attacks on Package Managers
Next by thread: Re: A Look In the Mirror: Attacks on Package Managers
Index(es):
- Date
- Thread