On Saturday, 27 August 2005 15:44, martin f krafft wrote:
> No. Imagine exim gets a root exploit and I spoof the DNS to some
> mirror of s.d.o. That mirror will be consistent wrt secure APT, but
> it won't get updates, so admins who don't follow DSAs and run
> apt-get upgrade consciously and carefully are going to be left in
> the naive belief that they are safe because s.d.o doesn't have any
> new stuff.

This scenario could be avoided if s.d.o would authenticate itself. Is
authentication of the server something which has been considered with
secure apt? Even if you mirror all of s.d.o you still do not have its
certificates.

--
Rudolf Lohner - Universitaet Karlsruhe (TH)
Rechenzentrum, Zirkel 2, D-76128 Karlsruhe
Phone: +49-721-608-6958, Fax: +49-721-32550
E-Mail: [EMAIL PROTECTED]
http://www.rz.uni-karlsruhe.de/~Rudolf.Lohner
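
A client-side check for the frozen-mirror scenario quoted above, as an added example that is not part of the original message and not apt's own code: a correctly signed but outdated Release file still carries its original `Date` (and, where the archive sets it, `Valid-Until`), so its age can be tested after the signature has been verified. The sample Release header and the 7-day `max_age` policy are constructed assumptions.

```python
"""Flag a validly signed but outdated APT Release file (added example)."""
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: header of a Release file as a frozen mirror might serve it.
SAMPLE_RELEASE = """\
Origin: Debian
Label: Debian-Security
Suite: stable
Date: Sat, 20 Aug 2005 10:00:00 UTC
Valid-Until: Sat, 27 Aug 2005 10:00:00 UTC
Architectures: i386
"""

def parse_fields(text):
    """Return top-level 'Key: value' fields, skipping blank and continuation lines."""
    fields = {}
    for line in text.splitlines():
        if line[:1] in ("", " ", "\t") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key.strip().lower()] = value.strip()
    return fields

def _when(value):
    """Parse an RFC 2822 style date; treat a missing zone as UTC."""
    ts = parsedate_to_datetime(value)
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def release_is_stale(text, now, max_age=timedelta(days=7)):
    """Return (stale, reason). Run only on a Release file whose signature
    has already been verified; max_age is a local policy value (assumption)."""
    fields = parse_fields(text)
    if "date" not in fields:
        return True, "no Date field"
    if "valid-until" in fields and now > _when(fields["valid-until"]):
        return True, "past Valid-Until"
    age = now - _when(fields["date"])
    if age > max_age:
        return True, f"Date is {age.days} days old"
    return False, "fresh"

if __name__ == "__main__":
    now = datetime(2005, 8, 27, 15, 44, tzinfo=timezone.utc)
    print(release_is_stale(SAMPLE_RELEASE, now))
```

A "stale" result cannot distinguish a frozen mirror from an archive that simply has not been re-signed recently, so the threshold has to match how often the archive regenerates its Release file.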

