Re: concrete steps for improving apt downloading security and privacy
On Mon, Jul 14, 2014 at 01:22:10PM -0400, Hans-Christoph Steiner wrote:
Or, you could make use of the Check-Valid-Until and Min-ValidTime options in
apt.conf. There's a reason things are done the way they are, and you probably
aren't going to find a lot of interest in getting people to do a lot of work
to create a system which is duplicative at best and less secure at worst.
Sure, those options would work well for people who understand them and want to
tweak them. I'm not interested in that. I'm currently working on a
TAILS-based system for running build and signing processes on machines that
_never_ go online. So that means that changing the apt config is not an
option. I'm working with apt-offline currently and that helps a lot.
You're making an assertion and not supporting it. Changing a
configuration parameter is unacceptable, but switching to an entirely
different package trust model is ok? You care very much about the trust
path to debian packages but not anything else (like the software that's
installing them?) Seems like a weird problem, but maybe you're just not
fully explaining it. If that's really the constraint set I guess it may
be a case of "you created your problem, so you get to fix it".
TAILS is a live CD, but provides a method of installing and maintaining new
packages on top of what is provided by the live CD. That means those packages
are stored in an encrypted stash, and are installed on each boot. So in order
to use this feature, the apt cache needs to be refreshed using apt-offline at
least every two weeks, otherwise the packages won't be installed since apt can
no longer validate them.
Have you actually tried setting "Acquire::Check-Valid-Until off;" in
apt.conf? What was the result?