Re: concrete steps for improving apt downloading security and privacy

To: debian-security@lists.debian.org
Subject: Re: concrete steps for improving apt downloading security and privacy
From: Paul Wise <pabs@debian.org>
Date: Tue, 15 Jul 2014 00:31:12 +0800
Message-id: <[🔎] CAKTje6Fk+8zDHmQRsqYLDe0ABAb8q2OMrnRmvyhp2OyYFe=wbQ@mail.gmail.com>
In-reply-to: <[🔎] 53C40446.8010309@at.or.at>
References: <[🔎] 53B6150A.3000602@at.or.at> <[🔎] CACJnc4hN93PJHuWm_GU-sXASW-65OaDtNJL6jH0gumqbyLsv8Q@mail.gmail.com> <[🔎] 53C40446.8010309@at.or.at>

On Tue, Jul 15, 2014 at 12:24 AM, Hans-Christoph Steiner wrote:

> I agree that .deb packages should be individually signed
...
> This has been discussed in the past.  I really think it is just a
> matter of someone doing the work.

The work has been done many years ago and has been in the archive for
ages but has probably bitrotten since apt repo signing won (mostly,
some derivatives don't sign their repos) and now no-one uses deb
signing (probably). The packages are dpkg-sig debsigs debsig-verify.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Reply to:

Follow-Ups:
- Re: concrete steps for improving apt downloading security and privacy
  - From: Hans-Christoph Steiner <hans@at.or.at>

References:
- concrete steps for improving apt downloading security and privacy
  - From: Hans-Christoph Steiner <hans@at.or.at>
- Re: concrete steps for improving apt downloading security and privacy
  - From: Kitty Cat <realizar.la.paz@gmail.com>
- Re: concrete steps for improving apt downloading security and privacy
  - From: Hans-Christoph Steiner <hans@at.or.at>

Prev by Date: Re: concrete steps for improving apt downloading security and privacy
Next by Date: Re: concrete steps for improving apt downloading security and privacy
Previous by thread: Re: concrete steps for improving apt downloading security and privacy
Next by thread: Re: concrete steps for improving apt downloading security and privacy
Index(es):
- Date
- Thread