Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

To: debian-devel@lists.debian.org
Subject: Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
From: Michael Gilbert <mgilbert@debian.org>
Date: Fri, 12 Oct 2012 16:37:48 -0400
Message-id: <[🔎] CANTw=MP9wqmuuey4-erR4JNNRZn1NnpKPSCbz5nT1ca4DrunLA@mail.gmail.com>
In-reply-to: <[🔎] 1350073860.9604.20.camel@fermat.scientia.net>
References: <[🔎] 1349911198.3341.117.camel@fermat.scientia.net> <[🔎] 20121011163521.GC4151@p12n.org> <[🔎] 1349977131.3370.29.camel@fermat.scientia.net> <[🔎] CAAZ6_fAgOpwsdmmjZXm5P_UocZ0CjEsx=oHoe2gG_ryBwNcGxQ@mail.gmail.com> <[🔎] 1350073860.9604.20.camel@fermat.scientia.net>

On Fri, Oct 12, 2012 at 4:31 PM, Christoph Anton Mitterer wrote:
> But it's a general security paradigm, that one shouldn't just focus on
> the attack vectors one can think of... but rather trying to secure
> "everything" ;)

Which is impossible, or at least man-powerwise insurmountable.  There
are something like 500 million lines of code in a Debian release.
Obviously not all code bits have security implications, but the right
flaw in any one link in that chain could lead to security problems.
If we were rigorous, that would 500,000 lines of code to review per
DD.  An impossible and error-prone task.

It's more about identifying mistakes, learning from them, attempting
to track *everything*, and correcting known problems quickly.

Best wishes,
Mike

Reply to:

Follow-Ups:
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

References:
- Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Peter Samuelson <peter@p12n.org>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: David Kalnischkies <kalnischkies@gmail.com>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

Prev by Date: Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
Next by Date: Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
Previous by thread: Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
Next by thread: Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
Index(es):
- Date
- Thread