Re: leaks in our only-signed-software fortress
On 18.02.2012 10:11, Teus Benschop wrote:
> To put things in perspective, I just wonder how strong this
> really is, and whether this strength is only in our perception or
> whether it is real. Let me give just one example: A developer
> a tarball from an upstream source, configures it, and does make
> yet has not even once checked whether this tarball is secure or is
This is true but...
a) this would be a general attack against all people, which is usually
a tiny bit harder to do than the local sysadmin just hacking
b) as everyone is affected then (all users of the package),... there is
a greater chance of noticing it
c) the ideal situation would of course be that the maintainer has a
good relationship with upstream, perhaps even met them in person,
exchanged OpenPGP keys with them and uses those (or weaker means) to
verify every single download.
Some projects secure their sites, e.g. with X.509 certs from one of
the commercial CAs.... I guess this is better than nothing, but many
recent cases have shown us that the whole strict hierarchical trust
model of X.509 is basically trash.
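Point c) above, verifying every upstream download with a key exchanged directly with upstream (or, as the weaker means, a published checksum), as an added example that is not part of this thread or of any Debian tooling. File names, the keyring path and the fingerprint are hypothetical; the script assumes GnuPG and coreutils `sha256sum`. The security point it makes: a zero exit status from `gpg --verify` only says that *some* key in the keyring made a valid signature, so the check must pin the expected fingerprint via the machine-readable status output.

```shell
#!/bin/sh
# Added example, not from the original thread. Verifies an upstream tarball
# either against a pinned OpenPGP key fingerprint (strong means) or against
# a checksum file (weaker means). All names below are hypothetical.

# Weaker means: compare the tarball's SHA-256 with the entry for it in a
# checksum file in sha256sum format ("<hex>  <filename>"). Returns 0 on match,
# 1 on mismatch or when the file has no entry for this tarball.
verify_checksum() {
    tarball="$1"; sumfile="$2"
    name=$(basename "$tarball")
    # awk compares the filename field literally (no regex surprises from dots);
    # a leading '*' from sha256sum's binary mode is stripped first.
    expected=$(awk -v f="$name" '{ sub(/^\*/, "", $2) } $2 == f { print $1 }' "$sumfile")
    if [ -z "$expected" ]; then
        echo "no entry for $name in $sumfile" >&2
        return 1
    fi
    actual=$(sha256sum "$tarball" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Strong means: check the detached signature with a dedicated keyring that
# holds only the key exchanged with upstream, and require a VALIDSIG status
# line for exactly the pinned fingerprint. The fingerprint may appear either
# as the first field (signing key) or as the last field (primary key when a
# signing subkey was used), so both positions are accepted.
# $keyring should be an absolute path; $fpr is the 40-hex-digit fingerprint.
verify_signature() {
    tarball="$1"; sig="$2"; keyring="$3"; fpr="$4"
    gpg --batch --no-default-keyring --keyring "$keyring" \
        --status-fd 1 --verify "$sig" "$tarball" 2>/dev/null \
      | grep -qE "^\[GNUPG:\] VALIDSIG ($fpr |.* $fpr\$)"
}

# Usage (hypothetical names): require the signature check first and only
# treat the checksum as a secondary consistency check, never as a substitute.
#   verify_signature foo-1.2.tar.gz foo-1.2.tar.gz.asc \
#       /srv/keys/upstream-foo.gpg 0123456789ABCDEF0123456789ABCDEF01234567 \
#   && verify_checksum foo-1.2.tar.gz SHA256SUMS
```

The dedicated keyring matters as much as the fingerprint match: with the default keyring, any key the maintainer has ever imported (for mail, for other packages) could satisfy `gpg --verify`, which is exactly the trust confusion the pinned check avoids.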