[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Time for apt-secure?

Michael Stone wrote:
On Fri, Nov 28, 2003 at 11:10:56AM +0200, Camillo Särs wrote:

Yes, I did note that "there are many wrinkles to iron out". That's not the point I am trying to make. I don't think anyone would be foolish enough to think apt-secure provides "total security".

What would be foolish is thinking that it would have had any benefit in
this case.

Would you care to elaborate a bit on that point? Or do you just enjoy calling me a fool?

Essentially, as communications in the beginning of the incident were scarce at best, and nonexistant at worst, I really benefited from using apt-secure. It meant that I did not have to rely only on unreliable sources for trust in the archives. I also had some trust in apt-secure's ability to eliminate obvious trojans. Thus I could sit down and wait for more info.

As an example, 3.0r2 did not install on my system before I reconfigured trust in the archives. This worked as intended, although that may not be immediately obvious.

Again, as you deem me foolish for having this trust in apt-secure, I would certainly like to hear why.

Best regards,
Camillo Särs <+ged+@iki.fi>              **  Aim for the impossible and you
<http://www.iki.fi/+ged>                 **   will achieve the improbable.
PGP public key available                 **

Reply to: