Re: concrete steps for improving apt downloading security and privacy

To: debian-security@lists.debian.org
Subject: Re: concrete steps for improving apt downloading security and privacy
From: Michael Stone <mstone@debian.org>
Date: Wed, 16 Jul 2014 06:24:43 -0400
Message-id: <[🔎] 2d6a9800-0cd3-11e4-a8ca-00163eeb5320@msgid.mathom.us>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 201407160145.43792.holger@layer-acht.org>
References: <[🔎] CACJnc4hN93PJHuWm_GU-sXASW-65OaDtNJL6jH0gumqbyLsv8Q@mail.gmail.com> <[🔎] 53C58E06.3030808@at.or.at> <[🔎] 934303a6-0c60-11e4-b95c-00163eeb5320@msgid.mathom.us> <[🔎] 201407160145.43792.holger@layer-acht.org>

On Wed, Jul 16, 2014 at 01:45:36AM +0200, Holger Levsen wrote:

AIUI Hans-Christoph wants something else _also_, not instead. And technically
I think those signed .debs even exist already, via hashes in signed .changes
files. Or am I getting something wrong?


Yes you are--what you described is exactly how the Release files work.

Mike Stone

Reply to:

Follow-Ups:
- Re: concrete steps for improving apt downloading security and privacy
  - From: Holger Levsen <holger@layer-acht.org>

References:
- Re: concrete steps for improving apt downloading security and privacy
  - From: Kitty Cat <realizar.la.paz@gmail.com>
- Re: concrete steps for improving apt downloading security and privacy
  - From: Hans-Christoph Steiner <hans@at.or.at>
- Re: concrete steps for improving apt downloading security and privacy
  - From: Michael Stone <mstone@debian.org>
- Re: concrete steps for improving apt downloading security and privacy
  - From: Holger Levsen <holger@layer-acht.org>

Prev by Date: Re: concrete steps for improving apt downloading security and privacy
Next by Date: Re: concrete steps for improving apt downloading security and privacy
Previous by thread: Re: concrete steps for improving apt downloading security and privacy
Next by thread: Re: concrete steps for improving apt downloading security and privacy
Index(es):
- Date
- Thread