Re: security of apt

To: debian-security@lists.debian.org
Subject: Re: security of apt
From: Horst Pflugstaedt <Pfaedt@uni-duisburg.de>
Date: Sun, 25 Jan 2004 18:19:28 +0100
Message-id: <[🔎] 20040125171928.GA2400@home>
Mail-followup-to: Horst Pflugstaedt <Pfaedt@Uni-Duisburg.de>, debian-security@lists.debian.org
In-reply-to: <[🔎] Pine.LNX.4.44.0401251603410.11441-100000@pc-161a.hig.no>
References: <[🔎] Pine.LNX.4.44.0401251603410.11441-100000@pc-161a.hig.no>

On Sun, Jan 25, 2004 at 04:12:59PM +0100, Erik Hjelmås wrote:
> Hi,
> 
> I've spent a few hours searching, what Im looking for is a discussion
> of different security aspects of apt, questions like
> - What are the possible threats in terms of ip spoofing, dns cache
> poisoning? (are there any solutions in terms of PKI (PGP) or similar
> discussed somewhere?)

that issue is the same as for every web-based download. apt-get relys
on your sources.list which according to man sources.list currently
knows entries for http, ftp, cd-rom and file.
So apart from cd-rom, you ask for the security of http, ftp and i.e. nfs
or any other remote-mountable filesystem.

Horst.

-- 
Join the army, see the world, meet interesting, exciting people, and kill them.

Reply to:

Follow-Ups:
- Re: security of apt
  - From: Matt Zimmerman <mdz@debian.org>

References:
- security of apt
  - From: Erik Hjelmås <erikh@hig.no>

Prev by Date: Re: Mail processing tool
Next by Date: Re: security of apt
Previous by thread: security of apt
Next by thread: Re: security of apt
Index(es):
- Date
- Thread