also sprach Rudolf Lohner <Rudolf.Lohner@rz.uni-karlsruhe.de> [2005.08.27.1651 +0200]:
> This scenario could be avoided if s.d.o would authenticate itself.
> Is authentication of the server something which has been considered
> with secure apt?
I'v suggested this before but never had the time to implement it.
Patches are welcome. :)
Of course you'll have to add SSL support to security.debian.org as
well, which may be the actual show stopper.
FWIW, Florian sent me this interesting link:
http://www.cs.berkeley.edu/~nweaver/0wn2.html
--
Please do not send copies of list mail to me; I read the list!
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer and author: http://debiansystem.info
`. `'`
`- Debian - when you have better things to do than fixing a system
Invalid/expired PGP (sub)keys? Use subkeys.pgp.net as keyserver!
"we all know linux is great...
it does infinite loops in 5 seconds."
-- linus torvalds
Attachment:
signature.asc
Description: Digital signature (GPG/PGP)