From Jan Niehusmann on Friday, 18 October, 2002:
>On Fri, Oct 18, 2002 at 08:24:31AM -0400, R. Bradley Tilley wrote:
>> Can someone explain why 'apt-get update && apt-get dist-upgrade' is not
>> sufficient to keep a debian system secure and updated?
>Of course, if the hacker managed to modify files on the master server,
>proper signatures would automatically get generated, and apt-check-sigs
>had no chance to detect these modifications. Still, checking signatures
>provides one more line of defense.

I've been thinking up a new, more secure way of doing apt. (Actually, it's a modification of the current system.) It kind of has two levels, one trusting apt's integrity, and the second would be a very paranoid system, which requires more hardware knowledge (smartcard-like businesses) than I currently possess.

If people are interested enough in it, I might throw together something more formal.

-Joseph

--
[EMAIL PROTECTED]
"Alt text doesn't pop up unless you use an ancient browser from the days of yore. The relevant standards clearly indicate that it should not, and I only know about one browser released in the last two years that violates this, and it's still claiming compatibility with Mozilla 4 (which was obsolete quite long ago), so it really can't be considered a modern browser."
  --jonadab, in a slashdot.org comment.