Re: Automatic Debian security updates, an Implementation

On Fri, Oct 18, 2002 at 08:24:31AM -0400, R. Bradley Tilley wrote:
> Can someone explain why 'apt-get update && apt-get dist-upgrade' is not
> sufficient to keep a Debian system secure and updated?

Because a hacked mirror could contain malicious packages.
When you check signatures before upgrading, you detect such intrusions.

Of course, if the hacker managed to modify files on the master server,
proper signatures would automatically get generated, and apt-check-sigs
would have no chance to detect these modifications. Still, checking
signatures provides one more line of defense.


