Re: Microsoft-IIS/6.0 serves up Debian... WTF!

To: debian-security@lists.debian.org
Subject: Re: Microsoft-IIS/6.0 serves up Debian... WTF!
From: Joey Hess <joeyh@debian.org>
Date: Sun, 8 Jun 2008 15:28:31 -0400
Message-id: <[🔎] 20080608192831.GA21885@kodama.kitenet.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 7ff145960806081158p3e06b050n90c5269467c48f3@mail.gmail.com>
References: <[🔎] 7ff145960806072341q1f30e8fcmc680a2f134f9eb1@mail.gmail.com> <[🔎] E1K5Nn8-0007fN-00@calista.eckenfels.net> <[🔎] 7ff145960806081158p3e06b050n90c5269467c48f3@mail.gmail.com>

Jim Popovitch wrote:
> Here's my issue, please correct me if I am wrong.  .debs and sigs both
> exist on the same server.  If the Windows box/network is compromised,
> then the sigs and debs can be modified and who would know?

The security provided by a gpg signature is the difficulty in forging
the signature, not the server that serves it.

http://wiki.debian.org/SecureApt

-- 
see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: Microsoft-IIS/6.0 serves up Debian... WTF!
  - From: "Anderson Kaiser" <alpkaiser@gmail.com>

References:
- Re: Microsoft-IIS/6.0 serves up Debian... WTF!
  - From: "Jim Popovitch" <yahoo@jimpop.com>
- Re: Microsoft-IIS/6.0 serves up Debian... WTF!
  - From: Bernd Eckenfels <ecki@lina.inka.de>
- Re: Microsoft-IIS/6.0 serves up Debian... WTF!
  - From: "Jim Popovitch" <yahoo@jimpop.com>

Prev by Date: Re: Microsoft-IIS/6.0 serves up Debian... WTF!
Next by Date: Re: Microsoft-IIS/6.0 serves up Debian... WTF!
Previous by thread: Re: Microsoft-IIS/6.0 serves up Debian... WTF!
Next by thread: Re: Microsoft-IIS/6.0 serves up Debian... WTF!
Index(es):
- Date
- Thread