Bug#515940: is secure-apt used in ALL places?

Wed, 18 Feb 2009 04:31:10 -0800 

Package: apt
Version: 0.7.20.2
Severity: wishlist


Hi.
This is perhaps more a question but depending on the answer it will become a wishlist bug ;) 

Is secure apt used in all places of apt?
Of course it is when installing/upgrading new packages (i.e. apt-get install,upgrade,dist-upgrade,build-dep) 

What about apt-get source? Are the source package parts checked? Each of them?
And in general,... are packages checked after downloading, or before installing. I mean,.. e.g. the packages in /var/cache/apt/archives/ are they secured/checked, and could I use (e.g. dpkg -i) them manually... or are they only checked when actually used (e.g. installed) by apt?
What about apt-cache? E.g. when doing package searches or displaying package descriptions?
Now that MD5 seems to be really broken,... does apt-get still use the MD5 hashes? If so, this should be disabled and _ONLY_ newer hashes should be used (e.g. SHA512). 
If not present, the package should be considered invalid.


Thanks,
Chris.


-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-heisenberg (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt depends on:
ii debian-archive-keyring 2009.01.31 GnuPG archive keys of the Debian a 
ii  libc6                         2.7-18     GNU C Library: Shared libraries
ii  libgcc1                       1:4.3.3-4  GCC support library
ii  libstdc++6                    4.3.3-4    The GNU Standard C++ Library v3

apt recommends no packages.

Versions of packages apt suggests:
ii  apt-doc                      0.7.20.2    Documentation for APT
ii  aptitude                     0.4.11.11-1 terminal-based package manager
ii bzip2 1.0.5-1 high-quality block-sorting file co 
ii  dpkg-dev                     1.14.25     Debian package development tools
ii lzma 4.43-14 Compression method of 7z format in 
ii  python-apt                   0.7.8       Python interface to libapt-pkg

-- no debconf information

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.




--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to