Re: Automatic Debian security updates, an Implementation

From Jan Niehusmann on Friday, 18 October, 2002:
>On Fri, Oct 18, 2002 at 08:24:31AM -0400, R. Bradley Tilley wrote:
>> Can someone explain why 'apt-get update && apt-get dist-upgrade' is not 
>> sufficient to keep a debian system secure and updated?

>Of course, if the hacker managed to modify files on the master server,
>proper signatures would automatically get generated, and apt-check-sigs
>had no chance to detect these modifications. Still, checking signatures
>provides one more line of defense.

I've been thinking up a new, more secure way of doing apt.  (Actually, it's
  a modification of the current system.)  It kind of has two levels, one
  trusting apt's integrity, and the second would be a very paranoid system,
  which requires more hardware knowledge (smartcard-like businesses) than
  I currently possess.
If people are interested enough in it, I might throw together something
  more formal.


"Alt text doesn't pop up unless you use an ancient browser from the days of
 yore. The relevant standards clearly indicate that it should not, and I
 only know about one browser released in the last two years that violates
 this, and it's still claiming compatibility with Mozilla 4 (which was
 obsolete quite long ago), so it really can't be considered a modern
 browser."  --jonadab, in a slashdot.org comment.