On Thu, Dec 04, 2003 at 12:28:41PM -0600, Manoj Srivastava wrote: > On Thu, 4 Dec 2003 11:47:50 -0500, Matt Zimmerman <[EMAIL PROTECTED]> said: > > > What kind of real world attacks do signed debs prevent? Not a > > compromised buildd, or a compromised maintainer's workstation. > > It would allow me to copy .debs around with other people, or > use .debs not made available through the usual chain of security; as > long as the author hapens to be in my web of trust.
What kind of real world attacks do signed debs prevent? The only one which comes to mind is a rogue Debian developer that you do not wish to trust, even though the project trusts him. -- - mdz
