[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: apt 0.6 and how it does *not* solve the problem

* Jan Niehusmann:

> While you have a point that the huge number of people with full write
> access to the archive is a problem, I still think that apt 0.6 serves a
> purpose: It makes local mirrors more secure.

I fully agree, and that's certainly an important step.  Mirrors are
often used for multiple purposes and could be used quite easily for
targeted tampering.

Keep in mind that Apple was forced into cryptographically securing
updates after they released Mac OS X.  Could that happen to Debian?
Perhaps.  So it's a good idea to have some technology which is more or
less ready to go.

Reply to: