
Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On Fri, Oct 12, 2012 at 4:31 PM, Christoph Anton Mitterer wrote:
> But it's a general security paradigm, that one shouldn't just focus on
> the attack vectors one can think of... but rather trying to secure
> "everything" ;)

Which is impossible, or at least man-powerwise insurmountable.  There
are something like 500 million lines of code in a Debian release.
Obviously not all code bits have security implications, but the right
flaw in any one link in that chain could lead to security problems.
If we were rigorous, that would be 500,000 lines of code to review per
DD.  An impossible and error-prone task.

It's more about identifying mistakes, learning from them, attempting
to track *everything*, and correcting known problems quickly.

Best wishes,
