Re: security of apt

To: debian-security@lists.debian.org
Cc: Horst Pflugstaedt <Pfaedt@Uni-Duisburg.de>
Subject: Re: security of apt
From: Matt Zimmerman <mdz@debian.org>
Date: Sun, 25 Jan 2004 09:34:01 -0800
Message-id: <[🔎] 20040125173400.GV1541@alcor.net>
Mail-followup-to: debian-security@lists.debian.org, Horst Pflugstaedt <Pfaedt@Uni-Duisburg.de>
In-reply-to: <[🔎] 20040125171928.GA2400@home>
References: <[🔎] Pine.LNX.4.44.0401251603410.11441-100000@pc-161a.hig.no> <[🔎] 20040125171928.GA2400@home>

On Sun, Jan 25, 2004 at 06:19:28PM +0100, Horst Pflugstaedt wrote:

> On Sun, Jan 25, 2004 at 04:12:59PM +0100, Erik Hjelm?s wrote:
> > I've spent a few hours searching, what Im looking for is a discussion
> > of different security aspects of apt, questions like
> > - What are the possible threats in terms of ip spoofing, dns cache
> > poisoning? (are there any solutions in terms of PKI (PGP) or similar
> > discussed somewhere?)
> 
> that issue is the same as for every web-based download.

For apt < 0.6, this is true.  In apt 0.6, all binary packages are
authenticated using gnupg, and so network trust is not an issue.

-- 
 - mdz

Reply to:

References:
- security of apt
  - From: Erik Hjelmås <erikh@hig.no>
- Re: security of apt
  - From: Horst Pflugstaedt <Pfaedt@uni-duisburg.de>

Prev by Date: Re: security of apt
Next by Date: Re: security of apt
Previous by thread: Re: security of apt
Next by thread: Re: security of apt
Index(es):
- Date
- Thread