Bug#413070: notes on security

To: Jari Aalto <jari.aalto@cante.net>
Cc: 413070@bugs.debian.org
Subject: Bug#413070: notes on security
From: Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de>
Date: Sun, 06 Sep 2009 14:06:01 +0200
Message-id: <[🔎] 20090906140601.30825n1wcsimbd8o@webmail.physik.uni-muenchen.de>
Reply-to: Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de>, 413070@bugs.debian.org
In-reply-to: <[🔎] 87bplo1rho.fsf@jondo.cante.net>
References: <[🔎] 20090906011255.16964n48m45kn4w0@webmail.physik.uni-muenchen.de> <[🔎] 87bplo1rho.fsf@jondo.cante.net>

Quoting Jari Aalto <jari.aalto@cante.net>:

I think you refer to tar.gz etc. sources that are available from Web
pages. In this case the sources are fetched from Bazaar version control
repository hosted by launchpad.net. The repository's integrity isn't
compromized while the cloning, the download, happends.

If you have more information about bzr version control repository
breaches or their lack of security, please let me know.

Not sure how the source for the code would improve security?

I mean regardless of whether you download a tgz or something fromVCS,... this means, that without additional checking, installation ofa debian package introduces unverified code, or not?


Chris.

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

Reply to:

Follow-Ups:
- Bug#413070: notes on security
  - From: Jari Aalto <jari.aalto@cante.net>

References:
- Bug#413070: notes on security
  - From: Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de>
- Bug#413070: notes on security
  - From: Jari Aalto <jari.aalto@cante.net>

Prev by Date: Bug#435809: marked as done (ITP: assaultcube-data -- a realistic first person shooter game)
Next by Date: Bug#497701: libv8 in debian
Previous by thread: Bug#413070: notes on security
Next by thread: Bug#413070: notes on security
Index(es):
- Date
- Thread