Re: dselect / apt-get and packages

To: Marcel Weber <mmweber@ncpro.com>
Cc: "Debian-Security@Lists. Debian. Org" <debian-security@lists.debian.org>
Subject: Re: dselect / apt-get and packages
From: Phillip Hofmeister <plhofmei@zionlth.org>
Date: Mon, 8 Jul 2002 16:09:10 -0400
Message-id: <[🔎] 20020708200909.GA18350@zionlth.org>
Mail-followup-to: Marcel Weber <mmweber@ncpro.com>, "Debian-Security@Lists. Debian. Org" <debian-security@lists.debian.org>
In-reply-to: <[🔎] ABEKLOAPHGEAANDBAIFFGEJBCHAA.mmweber@ncpro.com>
References: <[🔎] ABEKLOAPHGEAANDBAIFFGEJBCHAA.mmweber@ncpro.com>

On Mon, 08 Jul 2002 at 09:31:49PM +0300, Marcel Weber wrote:
> Hi
> 
> I just have a silly question: During a discussion in a newsgroup about the
> Mac OS X Software Update vulnerabity
> (http://www.cunap.com/~hardingr/projects/osx/exploit.html) someone said,
> that this could happen with debian, too. I argued, that this is not possible
> as debian uses pgp / gpg signatures to check the integrity of the packages.

Actually, as the system is, it could.  There was an arcticle on this some time
ago...

Certain parts of the package are signed but there is no automated checking
of those signatures AFAIK.


-- 
Phil

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/ | gpg --import

Attachment: pgpgndckhcyWP.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- AW: dselect / apt-get and packages
  - From: "Marcel Weber" <mmweber@ncpro.com>

References:
- dselect / apt-get and packages
  - From: "Marcel Weber" <mmweber@ncpro.com>

Prev by Date: dselect / apt-get and packages
Next by Date: Re: dselect / apt-get and packages
Previous by thread: dselect / apt-get and packages
Next by thread: AW: dselect / apt-get and packages
Index(es):
- Date
- Thread