Recent Securityfocus Colum and the Debian HOWTO

To: jon@lasser.org
Cc: debian-security@lists.debian.org
Subject: Recent Securityfocus Colum and the Debian HOWTO
From: Javier Fernandez-Sanguino Pena <jfernandez@germinus.com>
Date: Thu, 20 Dec 2001 14:59:26 +0100
Message-id: <[🔎] 3C21EEBE.9010607@germinus.com>

Jon, regarding your recent column at your insightful column atSecurityfocus (http://www.securityfocus.com/columnists/48) regardingpackage manipulation and troyan insertion. Well, I have been discussingthis issue in Debian for a while and just yesterday (IIRC, but could bechecked at cvs.debian.org) sent a new version of the "Securing DebianHOWTO" (available athttp://www.debian.org/doc/manuals/securing-debian-howto/index.en.html)which does talk about the package signing stuff and Debian's point ofview regarding it. As you say in your column, you currently *can* checksignatures in Debian, but, it's not enabled by default since theproposed scheme has not yet been decided upon (check the HOWTO for moreinformation).

BTW, I did write this info *before* reading your column (just in caseyou were wondering), as a matter of fact I had the notes for about aweek but had to get some time to write it down :)

In any case, I wanted to comment this info just in case you want toupdate your column to add additional info.


Regards

Javier Fernández-Sanguino Peña

Reply to:

Prev by Date: Re: Fwd: Linux distributions and /bin/login overflow
Next by Date: cdimages.debian.org
Previous by thread: [no subject]
Next by thread: cdimages.debian.org
Index(es):
- Date
- Thread