[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#515940: is secure-apt used in ALL places?

Package: apt
Severity: wishlist


This is perhaps more a question but depending on the answer it will become a wishlist bug ;)

Is secure apt used in all places of apt?
Of course it is when installing/upgrading new packages (i.e. apt-get install,upgrade,dist-upgrade,build-dep)

What about apt-get source? Are the source package parts checked? Each of them?

And in general,... are packages checked after downloading, or before installing. I mean,.. e.g. the packages in /var/cache/apt/archives/ are they secured/checked, and could I use (e.g. dpkg -i) them manually... or are they only checked when actually used (e.g. installed) by apt?

What about apt-cache? E.g. when doing package searches or displaying package descriptions?

Now that MD5 seems to be really broken,... does apt-get still use the MD5 hashes? If so, this should be disabled and _ONLY_ newer hashes should be used (e.g. SHA512).
If not present, the package should be considered invalid.


-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-heisenberg (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt depends on:
ii debian-archive-keyring 2009.01.31 GnuPG archive keys of the Debian a
ii  libc6                         2.7-18     GNU C Library: Shared libraries
ii  libgcc1                       1:4.3.3-4  GCC support library
ii  libstdc++6                    4.3.3-4    The GNU Standard C++ Library v3

apt recommends no packages.

Versions of packages apt suggests:
ii  apt-doc                Documentation for APT
ii  aptitude            terminal-based package manager
ii bzip2 1.0.5-1 high-quality block-sorting file co
ii  dpkg-dev                     1.14.25     Debian package development tools
ii lzma 4.43-14 Compression method of 7z format in
ii  python-apt                   0.7.8       Python interface to libapt-pkg

-- no debconf information

This message was sent using IMP, the Internet Messaging Program.

Reply to: