Re: A Look In the Mirror: Attacks on Package Managers
On Sun, 06 Jun 2010, Florian Weimer wrote:
> You'd have to fetch the root metadata from a trusted server over
> something like HTTPS (that is, something with authentication and a
> challange-response component built in).
That wouldn't be a stupid design at all. It would also allow that root
metadata server to suggest mirrors to the client for downloading the
rest.
Cheers,
weasel
--
| .''`. ** Debian GNU/Linux **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `- http://www.debian.org/
Reply to: