Re: apt download security?

To: Bruce Richardson <brichardson@lineone.net>
Cc: debian-user@lists.debian.org
Subject: Re: apt download security?
From: Jason Gunthorpe <jgg@ualberta.ca>
Date: Tue, 7 Nov 2000 17:02:07 -0700 (MST)
Message-id: <[🔎] Pine.LNX.3.96.1001107170003.22709I-100000@wakko>
In-reply-to: <[🔎] 20001107224237.A15036@knossos>

On Tue, 7 Nov 2000, Bruce Richardson wrote:

> Unfortunately, while source packages can be checked quite easily, they
> are not always verifiable.  There is no simple mechanism for verifying
> debs *at all*.  Nor even Packages.gz - and the integrity of Packages.gz
> isn't actually a guarantee of the integrity of any of the packages.

Er we can provide a 'ssl-like' assurance for the Packages.gz which will
rule out any bad mirror from forging .debs

It is much harder to prevent attacks from people with root on our primary
box however!

Jason

Reply to:

References:
- Re: apt download security?
  - From: brichardson@lineone.net (Bruce Richardson)

Prev by Date: Re: Compiled debs are upgraded
Next by Date: RE: How to burn Linuxcare BBC ?
Previous by thread: Re: apt download security?
Next by thread: Re: apt download security?
Index(es):
- Date
- Thread