[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian mirrors and MITM

On Fri, May 30, 2014, at 11:17 PM, Reid Sutherland wrote:
> > As what I posted earlier, all you would need to do is to MITM the
> > install of APT during an install. Who cares what the signatures look
> > like since you've NOPed the checksumming code!
> So OpenSSL can be flawed and nobody bats an eye, APT uses GnuPG and
> everyone (this guy) loses their mind?

Strawman much? What does bring up OpenSSL have anything to do with
Debian mirrors being MITM?


  Alfie John

Reply to: