Re: apt 0.6 and how it does *not* solve the problem
On Mon, 23 Aug 2004 14:46, Bron Gondwana <brong@brong.net> wrote:
> > Removing developers who don't meet certain criteria (EG no package
> > uploads for 6 months) from active status makes a lot of sense. Anyone
> > care to propose a GR?
>
> This doesn't work. The problem is basically:
>
> a) what about a package which they uploaded while valid, more than 6 months
> ago, that someone wants to download and install now.
That package doesn't matter, if they don't have active status then the Debian
server machines won't accept it.
> b) if by date, what's to stop someone backdating a package and falsifying a
> mirror/proxy with a copy of their package. The signature will still
> check out.
Because they can't go back in time and get the Debian server to accept the
package.
> If you wanted to implement this the only safe way to do it and have the
> original packages by ex-developers still installable is to have a central
> daemon check the signature and co-sign the fact that they checked the
> signature at a certain date (upload date) and that it was valid as of that
> time.
Isn't the entire point of apt security extensions to make sure that the
packages can only be accepted if they come from the Debian server not another
server that impersonates it?
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: