Bug#749795: holes in secure apt

To: debian-devel@lists.debian.org
Cc: 749795@bugs.debian.org
Subject: Bug#749795: holes in secure apt
From: Thorsten Glaser <t.glaser@tarent.de>
Date: Mon, 16 Jun 2014 12:04:51 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.10.1406161203450.26902@tglase.lan.tarent.de>
Reply-to: Thorsten Glaser <t.glaser@tarent.de>, 749795@bugs.debian.org
In-reply-to: <[🔎] 20140612152550.GA27001@crossbow>
References: <[🔎] 1402527988.4739.34.camel@heisenberg.scientia.net> <[🔎] 20140612152550.GA27001@crossbow>

On Thu, 12 Jun 2014, David Kalnischkies wrote:

> For your attack to be (always) successful, you need a full-sources
> mirror on which you modify all tarballs, so that you can build a valid
> Sources file. You can't just build your attack tarball on demand as the

Erm, no? You can just cache a working Sources file and exchange
the paragraph you are interested in. That’s something that would
be easy in a CGI written in shell, *and* perform well. Trivial.

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

Reply to:

Follow-Ups:
- Bug#749795: holes in secure apt
  - From: David Kalnischkies <david@kalnischkies.de>

References:
- Bug#749795: holes in secure apt
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Bug#749795: holes in secure apt
  - From: David Kalnischkies <david@kalnischkies.de>

Prev by Date: Bug#749795: apt: no authentication checks for source packages
Next by Date: Bug#749795: apt: no authentication checks for source packages
Previous by thread: Bug#749795: holes in secure apt
Next by thread: Bug#749795: holes in secure apt
Index(es):
- Date
- Thread