
Bug#203741: apt-secure



On Mon, Sep 08, 2003 at 08:41:48PM -0600, Jason Gunthorpe wrote:

> That is correct. It is not a serious problem in practice because packages
> with the same version number are generally going to be the same.
> 
> However when dealing with security issues you can't just gloss over a
> problem like that, that's why I said I don't know how you'd fix it. I
> don't think you can fix it without changing dpkg to retain the md5sum in
> the status file, and even if you do that ideas like debsums break it..
> 
> This is also why you sign off on the security at update time, because even
> a single insecure or rough site can have very interesting effects on the
> meta data within the cache. The retry algorithms are just one interesting
> effect that's possible..

Argh, this is a show-stopper I think.  So there's no real security unless
every one of your sources is authenticated.  The whole system is only as
strong as the weakest link, and if you have any insecure source, it
compromises all of your available packages.  That's the reasoning behind the
confirmation prompt.  But if it's impossible to tell reliably where a
package comes from, I don't see how it can work.

These days, systems with unofficial sources in sources.list seem to be more
common than those without.

-- 
 - mdz
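
The ambiguity discussed in this message, as an added example that is not part of the original thread or of apt's code: it scans Packages-style index entries from several sources and reports every name and version pair that is offered with differing MD5sums where at least one offering source is unauthenticated. The source names, the `authenticated` flag and all index data are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: source name -> (authenticated?, Packages-file text).
# The "authenticated" flag is assumed to come from a verified Release signature.
SOURCES = {
    "official": (True, (
        "Package: foo\nVersion: 1.0-1\nMD5sum: 11111111111111111111111111111111\n\n"
        "Package: bar\nVersion: 2.0-1\nMD5sum: 22222222222222222222222222222222\n")),
    "unofficial": (False, (
        "Package: foo\nVersion: 1.0-1\nMD5sum: 33333333333333333333333333333333\n\n"
        "Package: bar\nVersion: 2.0-1\nMD5sum: 22222222222222222222222222222222\n\n"
        "Package: baz\nVersion: 0.1-1\nMD5sum: 44444444444444444444444444444444\n")),
}

def parse_packages(text):
    """Yield one dict of fields per blank-line-separated Packages stanza."""
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t"):   # continuation line (e.g. long Description)
                continue
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        if "Package" in fields and "Version" in fields:
            yield fields

def find_ambiguous(sources):
    """Return (package, version, unauthenticated_sources) for colliding entries.

    A collision is the same name and version offered with different MD5sums.
    Name and version are all the status file keeps, so after installation
    the two builds cannot be told apart.
    """
    seen = defaultdict(dict)              # (pkg, ver) -> {source: md5sum}
    for name, (_, text) in sources.items():
        for f in parse_packages(text):
            seen[(f["Package"], f["Version"])][name] = f.get("MD5sum")
    findings = []
    for (pkg, ver), by_src in sorted(seen.items()):
        untrusted = sorted(s for s in by_src if not sources[s][0])
        if len(set(by_src.values())) > 1 and untrusted:
            findings.append((pkg, ver, untrusted))
    return findings

if __name__ == "__main__":
    for pkg, ver, untrusted in find_ambiguous(SOURCES):
        print(f"{pkg} {ver}: differing MD5sums, unauthenticated: {', '.join(untrusted)}")
```
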


