Re: concrete steps for improving apt downloading security and privacy

To: debian-security@lists.debian.org
Subject: Re: concrete steps for improving apt downloading security and privacy
From: Holger Levsen <holger@layer-acht.org>
Date: Wed, 16 Jul 2014 01:45:36 +0200
Message-id: <[🔎] 201407160145.43792.holger@layer-acht.org>
In-reply-to: <[🔎] 934303a6-0c60-11e4-b95c-00163eeb5320@msgid.mathom.us>
References: <[🔎] CACJnc4hN93PJHuWm_GU-sXASW-65OaDtNJL6jH0gumqbyLsv8Q@mail.gmail.com> <[🔎] 53C58E06.3030808@at.or.at> <[🔎] 934303a6-0c60-11e4-b95c-00163eeb5320@msgid.mathom.us>

Hi,

On Dienstag, 15. Juli 2014, Michael Stone wrote:
> Except that you haven't addressed *at all* why the current mechanism is
> insufficient, except that you don't like it and want to do something
> else instead. 

AIUI Hans-Christoph wants something else _also_, not instead. And technically 
I think those signed .debs even exist already, via hashes in signed .changes 
files. Or am I getting something wrong?

cheers,
	Holger

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Follow-Ups:
- Re: concrete steps for improving apt downloading security and privacy
  - From: Michael Stone <mstone@debian.org>

References:
- Re: concrete steps for improving apt downloading security and privacy
  - From: Kitty Cat <realizar.la.paz@gmail.com>
- Re: concrete steps for improving apt downloading security and privacy
  - From: Hans-Christoph Steiner <hans@at.or.at>
- Re: concrete steps for improving apt downloading security and privacy
  - From: Michael Stone <mstone@debian.org>

Prev by Date: Re: concrete steps for improving apt downloading security and privacy
Next by Date: Re: concrete steps for improving apt downloading security and privacy
Previous by thread: Re: concrete steps for improving apt downloading security and privacy
Next by thread: Re: concrete steps for improving apt downloading security and privacy
Index(es):
- Date
- Thread