[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Recent Securityfocus Colum and the Debian HOWTO

Jon, regarding your recent column at your insightful column at Securityfocus (http://www.securityfocus.com/columnists/48) regarding package manipulation and troyan insertion. Well, I have been discussing this issue in Debian for a while and just yesterday (IIRC, but could be checked at cvs.debian.org) sent a new version of the "Securing Debian HOWTO" (available at http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html) which does talk about the package signing stuff and Debian's point of view regarding it. As you say in your column, you currently *can* check signatures in Debian, but, it's not enabled by default since the proposed scheme has not yet been decided upon (check the HOWTO for more information).

BTW, I did write this info *before* reading your column (just in case you were wondering), as a matter of fact I had the notes for about a week but had to get some time to write it down :)

In any case, I wanted to comment this info just in case you want to update your column to add additional info.


Javier Fernández-Sanguino Peña

Reply to: