On Mon, 2002-07-08 at 22:15, Marcel Weber wrote:
> >
> > Actually, as the system is, it could. There was an article on
> > this some time
> > ago...
> >
> > Certain parts of the package are signed but there is no automated checking
> > of those signatures AFAIK.
> >
>
> Well this would not be a big thing, would it? When I take a look at the ftp
> server, there is a .dsc with pgp signatures for each package. So letting
> dselect / aptitude or better dpkg-get do a check for the key via gpg
> would be no big deal, or am I wrong? As there are many mirrors worldwide,
> that could be hacked or something, it would be a huge security improvement.
>

The main problem is presumably with trust of the keys. If all the debian developers / package maintainers had keys signed by a central debian key - then you still have to trust that debian key. Events like debconf could certainly be used to check fingerprints and sign keys - but that still leaves a lot of ppl without an easy way to check.

At some point you have to draw the line though. I think that distributing the public key with the base install is probably acceptable (if that's been compromised, then you're in a whole lot of other trouble) - particularly if you check it against a centralised copy - and make sure it's not different.

This would also make for some interesting variants on package distribution. If a main mirror just held the gpg signatures, then it doesn't matter where else you get the packages from (ie random other servers, peer-to-peer networks, etc) - you could get the (really small bandwidth) sigs from the main site. (on reflection even this isn't necessary with authentication from the correct key)

I certainly would feel somewhat better with security related things, if I knew that this was done.

--
Matthew Johnson. <mjj29@cam.ac.uk>
"They that would give up essential liberty for temporary safety deserve neither liberty nor safety."
  -- Benjamin Franklin
PGP Key ID: 0x5BE86FB9
http://www.srcf.ucam.org/~mjj29/
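The distribution idea in the message above (small signed data from the main site, package bytes from any mirror, checked against a key shipped with the install) as an added example that is not part of the original post or of any Debian tool. A toy textbook-RSA key stands in for the gpg key, and every name and sample value here is constructed for illustration.

```python
import hashlib

# Constructed toy key from two Mersenne primes. Unpadded and far too weak for
# real use; it only stands in for the gpg key shipped with the base install.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                          # public modulus, pinned on the client
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the main site


def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes) -> int:
    """Main site: sign the manifest (textbook RSA over SHA-256)."""
    return pow(digest_int(data), D, N)


def signature_ok(data: bytes, sig: int) -> bool:
    """Client: verify using only the pinned public key (N, E)."""
    return pow(sig, E, N) == digest_int(data)


def make_manifest(packages: dict) -> bytes:
    """One 'sha256  filename' line per package, like a checksum list."""
    return "\n".join(
        f"{hashlib.sha256(blob).hexdigest()}  {name}"
        for name, blob in sorted(packages.items())
    ).encode()


def accept_package(name: str, blob: bytes, manifest: bytes, sig: int) -> bool:
    """Accept bytes from ANY source only if the signed manifest vouches for them."""
    if not signature_ok(manifest, sig):
        return False  # manifest altered, or signed by some other key
    wanted = {}
    for line in manifest.decode().splitlines():
        digest, fname = line.split("  ", 1)
        wanted[fname] = digest
    return wanted.get(name) == hashlib.sha256(blob).hexdigest()


# Constructed sample data: one package, its manifest, the main site's signature.
GOOD = {"hello_1.0.deb": b"genuine package bytes"}
MANIFEST = make_manifest(GOOD)
SIG = sign(MANIFEST)

if __name__ == "__main__":
    print(accept_package("hello_1.0.deb", GOOD["hello_1.0.deb"], MANIFEST, SIG))
    print(accept_package("hello_1.0.deb", b"bytes altered on a mirror", MANIFEST, SIG))
```

The mirror never needs to be trusted: altering either the package or the manifest makes `accept_package` return False, so the only thing the client must get right is the pinned key.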