Re: apt 0.6 and how it does not solve the problem

To: Jan Niehusmann <jan@debian.org>
Cc: debian security <debian-security@lists.debian.org>
Subject: Re: apt 0.6 and how it does *not* solve the problem
From: Florian Weimer <fw@deneb.enyo.de>
Date: Mon, 23 Aug 2004 20:00:32 +0200
Message-id: <[🔎] 878yc591kv.fsf@deneb.enyo.de>
In-reply-to: <[🔎] 20040823154704.GA7295@gondor.com> (Jan Niehusmann's message of "Mon, 23 Aug 2004 17:47:04 +0200")
References: <[🔎] 20040822230354.GA1735@cirrus.madduck.net> <[🔎] 20040823154704.GA7295@gondor.com>

* Jan Niehusmann:

> While you have a point that the huge number of people with full write
> access to the archive is a problem, I still think that apt 0.6 serves a
> purpose: It makes local mirrors more secure.

I fully agree, and that's certainly an important step.  Mirrors are
often used for multiple purposes and could be used quite easily for
targeted tampering.

Keep in mind that Apple was forced into cryptographically securing
updates after they released Mac OS X.  Could that happen to Debian?
Perhaps.  So it's a good idea to have some technology which is more or
less ready to go.

Reply to:

Follow-Ups:
- Re: apt 0.6 and how it does *not* solve the problem
  - From: martin f krafft <madduck@debian.org>

References:
- apt 0.6 and how it does *not* solve the problem
  - From: martin f krafft <madduck@debian.org>
- Re: apt 0.6 and how it does *not* solve the problem
  - From: Jan Niehusmann <jan@debian.org>

Prev by Date: Re: get notice of sec update if package is on hold
Next by Date: Re: Official security support for sarge
Previous by thread: Re: apt 0.6 and how it does *not* solve the problem
Next by thread: Re: apt 0.6 and how it does *not* solve the problem
Index(es):
- Date
- Thread

Re: apt 0.6 and how it does *not* solve the problem

Re: apt 0.6 and how it does not solve the problem