Re: concrete steps for improving apt downloading security and privacy

On Tue, Jul 15, 2014 at 04:24:38PM -0400, Hans-Christoph Steiner wrote:
> I'm not saying that adding .deb signature validation to `dpkg -i` would be
> trivial and without risk.  But the idea of validating signed package files on
> install is hardly revolutionary or even novel any more. Indeed it is pretty
> widespread: think Android, Fedora, Java, iOS, etc.  I think it is the cleanest
> approach for the problem that I've outlined.

Except that you haven't addressed *at all* why the current mechanism is insufficient, except that you don't like it and want to do something else instead. You understand why that argument isn't particularly compelling.

Mike Stone
