On Thu, Nov 24, 2005 at 07:17:06PM +0100, Goswin von Brederlow wrote:

> > That's easy: you trust the Packages file to be correct when using apt,
> > and it's not verified at all by per-package signatures.

> In what way trust and how does that change anything?

> At best you can prevent a newer version of a package to appear in the
> Packages file by compromising it. You can't subvert a package itself.
> But you can already ship yesterdays Release.gpg, Release and Packages
> file to a user and thereby prevent any updates.

> On the other hand, without package signatures ftp-master adds a
> vulnerability. You can hack into it, replace debs, recreate the
> Packages, Release and Release.gpg file and thereby infect users. With
> signed debs that could still be detected by every user in apt-get.

Only if every user is in a position to verify signatures from each Debian
developer individually, which is completely unrealistic.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/

Attachment: signature.asc
Description: Digital signature

Reply via email to