
Re: Apt-get is insecure



Previously Emiel Metselaar wrote:
> Could anyone point me to some documentation about how this fits within
> the 'usual' apt-get update apt-get install procedure. 

The idea is:
* packages are signed using debsig and get one (or more) embedded
  signatures
* apt & friends don't look at the signature and will just see a normal
  package
* dpkg will call debsig-verify to verify the signature and validate the
  package

The last step is currently skipped since /etc/dpkg/dpkg.cfg includes
the no-debsig option by default, otherwise debsig-verify would happily
reject all current packages.

Details on how debsig-verify verifies the signature (there is a whole
bunch of criteria you can specify) should be in the debsigs or
debsig-verify package.

Wichert.

-- 
  _________________________________________________________________
 /wichert@wiggy.net         This space intentionally left occupied \
| wichert@deephackmode.org            http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |
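
Added example (not part of the original message): a shell check for an active `no-debsig` line, the setting the message says makes dpkg skip the debsig-verify step. The function names are made up for this example; the default path is the one named in the message.

```shell
#!/bin/sh
# Added example: report whether a dpkg configuration file switches off
# the debsig-verify step with a "no-debsig" line.

# debsig_state FILE -> prints "skipped", "active" or "missing"
debsig_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo missing; return 0; }
    # dpkg.cfg lines are option names without the leading "--"; lines
    # starting with "#" are comments. Leading blanks are tolerated here
    # so an indented option is still reported (a choice made for auditing).
    if grep -Eq '^[[:space:]]*no-debsig[[:space:]]*$' "$cfg"; then
        echo skipped
    else
        echo active
    fi
}

# audit_dpkg_cfg FILE... -> one "state<TAB>file" line per file;
# returns 1 if any file makes dpkg skip signature verification.
audit_dpkg_cfg() {
    rc=0
    for f in "$@"; do
        s=$(debsig_state "$f")
        printf '%s\t%s\n' "$s" "$f"
        if [ "$s" = skipped ]; then rc=1; fi
    done
    return $rc
}

# Run against the given file, or the path named in the message.
audit_dpkg_cfg "${1:-/etc/dpkg/dpkg.cfg}" ||
    echo "no-debsig is set: dpkg will not call debsig-verify"
```

A commented-out `# no-debsig` line counts as "active", since dpkg ignores comment lines.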


