Re: Announcement: APT Secure

To: debian-security@lists.debian.org
Subject: Re: Announcement: APT Secure
From: nick black <dank@suburbanjihad.net>
Date: Wed, 2 Jul 2003 16:20:56 +0000 (UTC)
Message-id: <[🔎] bdv0p8$l4e$1@main.gmane.org>
Reply-to: dank@reflexsecurity.com
References: <Pine.GSO.4.40.0306261226370.3633-100000@deneb.cc.umanitoba.ca>

Drew Scott Daniels consulted the pineal gland:
> Please see http://monk.debian.net/apt-secure/ for more information and
> to download Debian packages.
> There's also a mirror here:
> http://people.debian.org/~walters/monk.debian.net/

are there plans to sign (with some given key, preferably one of yours on the
keyring) the repository at  http://monk.debian.net/debian/?  other than
that source, i've been able to update with no problems.

how much testing has gone into testing badly-signed packages, or
packages which are properly signed but don't match the latest Releases
file (possible MiM attack where an old, vulnerable but signed package is
substituted for the correct one)?  is some needed?

-- 
nick black <dank@reflexsecurity.com>
"np:  nondeterministic polynomial-time
the class of dashed hopes and idle dreams." - the complexity zoo

Reply to:

Prev by Date: Re: Why is proftpd always started when one update it?
Next by Date: Re: Strongest linux
Previous by thread: Re: Announcement: APT Secure
Next by thread: Re: Why is proftpd always started when one update it?
Index(es):
- Date
- Thread