
security (was: Re: my platform for Debian Project Leader)

On Tue, Feb 20, 2001 at 10:24:03PM -0500, Branden Robinson wrote:
> The purpose of this message is to outline the reasons I am running for Debian
> Project Leader, and to present an idea of some specific things I would like
> to accomplish during my term, if elected.
You forgot to tell about security. More and more people are concerned about
trojans in automatically downloaded packages. I know that there's no really
good solution as in the end it is all software from different authors but
we must at least do a bit more for security. Proposals are e.g.
* APT could automatically check signatures on downloaded sources
* APT could automatically check signatures on packages which the maintainer
  has built himself.
* A task force could check the diffs and md5sum check the .orig.tar.gz's for
  malicious code - yeah, I know it's easy to hide but we normally don't have
  that many source code changes outside the /debian dir.
* something. At least make the users aware of how much or how little security
  they really get from Red Hat's signed packages.
* More people for the security fix team.


Christian Hammers    WESTEND GmbH - Aachen und Dueren     Tel 0241/701333-0
ch@westend.com     Internet & Security for Professionals    Fax 0241/911879
           WESTEND ist CISCO Systems Partner - Premium Certified
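
The md5sum check on .orig.tar.gz files proposed above, sketched as an added example (not part of the original message and not APT's code): it parses the `Files:` field of a Debian `.dsc` and compares each listed MD5 and size with the downloaded file. The package name `hello` and the file contents are constructed, and the check only means something once the signature on the `.dsc` itself has been verified, which this sketch does not do.

```python
import hashlib
import os
import tempfile

def parse_dsc_files(dsc_text):
    """Return [(md5hex, size, filename)] from the Files: field of a .dsc."""
    entries, in_files = [], False
    for line in dsc_text.splitlines():
        if line.startswith("Files:"):
            in_files = True
        elif in_files and line[:1] in (" ", "\t") and line.strip():
            md5hex, size, name = line.split()
            entries.append((md5hex.lower(), int(size), name))
        elif in_files:
            break  # a new field or a blank line ends the continuation lines
    return entries

def verify_sources(dsc_text, directory):
    """Map each listed file to ok / missing / size mismatch / md5 mismatch."""
    results = {}
    for md5hex, size, name in parse_dsc_files(dsc_text):
        path = os.path.join(directory, name)
        if os.path.basename(name) != name:  # accept no path components from the .dsc
            results[name] = "bad filename"
        elif not os.path.isfile(path):
            results[name] = "missing"
        else:
            with open(path, "rb") as fh:
                data = fh.read()
            if len(data) != size:
                results[name] = "size mismatch"
            elif hashlib.md5(data).hexdigest() != md5hex:
                results[name] = "md5 mismatch"
            else:
                results[name] = "ok"
    return results

def demo():
    """Constructed sample: one intact file, one altered after the .dsc was written."""
    good, diff = b"upstream tarball bytes\n", b"debian diff bytes\n"
    dsc = ("Source: hello\nVersion: 1.0-1\nFiles:\n"
           f" {hashlib.md5(good).hexdigest()} {len(good)} hello_1.0.orig.tar.gz\n"
           f" {hashlib.md5(diff).hexdigest()} {len(diff)} hello_1.0-1.diff.gz\n")
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("hello_1.0.orig.tar.gz", good), ("hello_1.0-1.diff.gz", diff[::-1])):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)  # the diff is written reversed: same size, other content
        return verify_sources(dsc, d)
```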
