[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Automatic Debian security updates, an Implementation

>IMHO there is no lack of interesting ideas - what we really need are

Ja.  I just have to find the time.  :)

>apt-check-sigs is a nice proof-of-concept, and the debsigs stuff could
>also improve security significantly. Together, I'd say they'd suffice to
>make the debian mirrors extremely tamper-proof. 
>But apt-check-sigs is lacking nice integration into existing tools, and
>debsigs doesn't really work, because packages are not signed, which is
>IMHO caused by inappropriate helper tools at packaging time.

Hrm.  I guess I'll have to check into those.

>So implementing these tools, and then changing policy to make package
>signatures mandatory, seems to be the most feasible approach.

Making package sigs mandatory is the critical bit, IMHO.


"Alt text doesn't pop up unless you use an ancient browser from the days of
 yore. The relevant standards clearly indicate that it should not, and I
 only know about one browser released in the last two years that violates
 this, and it's still claiming compatibility with Mozilla 4 (which was
 obsolete quite long ago), so it really can't be considered a modern
 browser."  --jonadab, in a slashdot.org comment.

Reply to: