Re: apt 0.6 and how it does *not* solve the problem

martin f krafft <madduck@debian.org> writes:

> > > I think, adding package signatures will actually make Debian less
> > > secure than it was before, although it's doubtful that the average
> > > user will notice or care.
> > 
> > How can it make it less secure?
> It gives the users a false sense of security. Having the package
> verify suggests that it is authentic, when in fact it only says that
> it has been uploaded by someone with control over any of the Debian
> developer GPG keys.

But how does this "false sense" cause a problem?  For example, if
users regularly scanned all the source code on their system, and this
would cause them to stop doing so, then the false sense would be a

In other words, what makes a false sense of security dangerous is when
it leads someone to stop being careful about things that they
otherwise would be.  But right now, what care is anyone actually
taking to make sure that the ssh binaries they get from Debian aren't

> I see that this goes both ways and does also raise security. But
> do you also see my point?

I do see how it could create a false sense of security.  I do not see
what damage that false sense is causing in this case.

> Good point. And also: uploading once every six months does not
> ensure that the developer otherwise treats his/her key safely. Thus,
> it does not really address the issue.

Please don't speak of "the issue".  There are many issues, and why I
object to your "do nothing" proposal is that it seems to me that you
are saying we should solve any of these issues until we can solve them
all.  This attitude is facilitated by treating it as "the issue",
which isn't solved (in your mind) unless it is solved in its entirety.

Instead, think about it as many different issues.  We can solve one of
them, and thus make progress, without necessarily having solved every

The logical conclusion from your arguments is that we should actually
remove the ssh package from Debian!


