Re: concrete steps for improving apt downloading security and privacy

To: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
Subject: Re: concrete steps for improving apt downloading security and privacy
From: Darius Jahandarie <djahandarie@gmail.com>
Date: Wed, 9 Jul 2014 23:11:44 -0400
Message-id: <[🔎] CAFANWtVwpq8qXOJ+yyn_nHpxYmq4HoAZN58Oo5EtCQUZOkeXyQ@mail.gmail.com>
In-reply-to: <[🔎] 44b71312-07dd-11e4-8a0a-00163eeb5320@msgid.mathom.us>
References: <[🔎] 53B6150A.3000602@at.or.at> <[🔎] CACJnc4hN93PJHuWm_GU-sXASW-65OaDtNJL6jH0gumqbyLsv8Q@mail.gmail.com> <[🔎] 20140710021124.GA27544@mathom.us> <[🔎] CAFANWtWQZfCVNB9OzM1wMccmzytVPjBToT4OM9w+bF9aNPCUQw@mail.gmail.com> <[🔎] 44b71312-07dd-11e4-8a0a-00163eeb5320@msgid.mathom.us>

On Wed, Jul 9, 2014 at 10:53 PM, Michael Stone <mstone@debian.org> wrote:
> On Wed, Jul 09, 2014 at 10:15:59PM -0400, Darius Jahandarie wrote:
>>
>> It would be nice for this information to be somewhere more formal than
>> in mailing list archives. Threat models are becoming increasingly
>> important to convey to end users.
>
>
> The mailing list discussion referenced the sources...

What I mean by "more formal" can be approximated by "discoverable by
searching 'debian security' on Google and clicking on the first link".

If Tux Q. Debiannewbie doesn't know what adversaries with what powers
they are/aren't protected against for their use cases without looking
hard and being a security expert, it's hard to make serious claims
that Debian is actually protecting its users.

(Halting the endless discussion loops on debian-security@ is just a
nice side effect of fixing the actual problem.)

-- 
Darius Jahandarie

Reply to:

Follow-Ups:
- Re: concrete steps for improving apt downloading security and privacy
  - From: Michael Stone <mstone@debian.org>

References:
- concrete steps for improving apt downloading security and privacy
  - From: Hans-Christoph Steiner <hans@at.or.at>
- Re: concrete steps for improving apt downloading security and privacy
  - From: Kitty Cat <realizar.la.paz@gmail.com>
- Re: concrete steps for improving apt downloading security and privacy
  - From: Michael Stone <mstone@debian.org>
- Re: concrete steps for improving apt downloading security and privacy
  - From: Darius Jahandarie <djahandarie@gmail.com>
- Re: concrete steps for improving apt downloading security and privacy
  - From: Michael Stone <mstone@debian.org>

Prev by Date: Re: concrete steps for improving apt downloading security and privacy
Next by Date: Re: concrete steps for improving apt downloading security and privacy
Previous by thread: Re: concrete steps for improving apt downloading security and privacy
Next by thread: Re: concrete steps for improving apt downloading security and privacy
Index(es):
- Date
- Thread