Hi,
To my understanding the package process is fairly secure on the incoming
side of Debian's package managment system. Maintainers sign their uploads
which prevents a man-in-the-middle attack.
These packages are then checksumed in Packages.gz, but nowhere is that
file signed, that I know of. This opens up the users to an ftp
man-in-the-middle attack during the upgrade process.
The only way a user can currently be sure he has a system from the
code the maintainers use is to compile all the packages himself (I'm
speaking from a truly paranoid security standpoint here :) ), since
the *dsc files are signed.
So my question is, what are your thoughts on adding a signature to the
current Packages.gz file, or adding a similar *dsc file for it,
which is then signed? Are there any reasons why this hasn't been done yet
besides the obvious "nobody has time"? :-)
Thanks. Please CC me on replies, since I'm not on the list.
- Chris
--
-------------------------------------------
"Chase the dream, not the competition."
- motto of the Nemesis Air Racing Team
