[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: concrete steps for improving apt downloading security and privacy

On Tue, Jul 15, 2014 at 12:45 AM, Hans-Christoph Steiner wrote:

> I'd like to contribute to this effort

First thing is to get #733029 fixed, which involves disabling signing
by default (signing should be done after testing not before) and
adding a signing tool to dpkg-dev. Then debsign/debuild need adapting
to the new default and the new signing tool. Then you can modify the
dpkg signing tool to sign .deb files using code from the old stuff and
convince the dpkg maintainers to accept it. Somewhere in there the old
approaches/code should be looked at, checked if they still work and
the old documentation and external websites (some of them only on
archive.org) and mailing list discussions.



Reply to: