Secure APT (was: Re: New Maintainers)

[Florian Weimer <fw@deneb.enyo.de>]

On Mon, Sep 22, 2003 at 10:07:03AM -0400, Matt Zimmerman wrote:

> A great deal of work has been done in this area.  See
> http://bugs.debian.org/203741 for information.  It would be great if you
> would like to help with this.

Has the patch been integrated into CVS?  I think so (but the bug report
doesn't say so explicitly).

> > Of course, there is always the signed DSA with the md5sums, but checking
> > this data is rather inconvenient.
> 
> These documents are intentionally structured so that they are
> straightforward to parse; the HTML advisories are already generated
> semi-automatically.

There's something I call the "ten-to-one-hundred gap".  If you have less
than ten machines, this isn't a problem for you, you can install updates
manually.  If you have more than hundred, you typically have both the
time and expertise to automated updating.  Somewhere between, your lose.

In other words, there is a much-neglected target group that would
benefit from secure "apt-get update; apt-get upgrade", even though this
feature can be emulated in many different ways.

> > Default mailcap handling leaves something to be desired, too.
> 
> Can you be more specific?  Are there bugs filed?

It's not exactly a bug, it's considered  a feature: By default
/etc/mailcap is populated with tons of entries. This leads to very
Windows-like behavior in many mail clients ("click and regret").

Someone suggested on Usenet that packages should install these entries,
but disable them using comments.  Some packages will be updated to query
the user before invoking an external viewer, but if we rely solely on
this approach, it will take ages before mailcap handling is more robust.