[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debcheckroot v2.0 released

On Tue, 2020-03-24 at 15:48 +0100, Elmar Stellnberger wrote:

> I hope this is gonna happen anytime soon. DANE and thus a valid TLSA 
> record is of very high value and importance for getting a genuine 
> download of Debian. As I have mentioned before downloads via Tor can be 
> spoofed like my last Debian Live 10 download which turned out to be 
> infected by debchecheckrooting against the Debian 10 DL-BD.

TBH, very few people care about DNSSEC and vastly fewer than that care
about DANE so I expect at some point support for both will disappear
from both the DNS root servers and all DNS software.

You shouldn't be relying on DNSSEC/DANE/TLS to verify Debian image
downloads anyway, since they have OpenPGP signatures:




Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: