Re: A Look In the Mirror: Attacks on Package Managers

On Sun, 06 Jun 2010, Florian Weimer wrote:

> You'd have to fetch the root metadata from a trusted server over
> something like HTTPS (that is, something with authentication and a
> challenge-response component built in).

That wouldn't be a stupid design at all.  It would also allow that root
metadata server to suggest mirrors to the client for downloading the

                           |  .''`.  ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/
