On Fri, Oct 18, 2002 at 08:20:14AM -0500, Joseph Pingenot wrote:
> If people are interested enough in it, I might throw together something
> more formal.
IMHO there is no lack of interesting ideas - what we really need are implementations. apt-check-sigs is a nice proof-of-concept, and the debsigs stuff could also improve security significantly. Together, I'd say they'd suffice to make the debian mirrors extremely tamper-proof.

But apt-check-sigs is lacking nice integration into existing tools, and debsigs doesn't really work, because packages are not signed, which is IMHO caused by inappropriate helper tools at packaging time.

So implementing these tools, and then changing policy to make package signatures mandatory, seems to be the most feasible approach. Writing new proposals for advanced security schemes doesn't help and may even delay implementation of working mechanisms.

Jan