René Mayrhofer wrote:
> On 2014-09-25 06:24, Hans-Christoph Steiner wrote:
>>
>> W. Martin Borgert wrote:
>>> On 2014-09-24 23:05, Hans-Christoph Steiner wrote:
>>>> * the signature files sign the package contents, not the hash of
>>>> whole .deb file (i.e. control.tar.gz and data.tar.gz).
>>> So preinst and friends would not be signed? Sounds dangerous to me.
>> All package contents would be signed, except the signature itself. The
>> signature would be a separate file in the ar archive of the .deb that signs
>> control.tar.gz and data.tar.gz. See jar or apk format for an example of how
>> this works.
> I know I'm late to the discussion, but for the record, I fully agree
> with this approach as the probably best compromise between usability
> (don't underestimate that, see the emergence of the various "app shops"
> for Linux applications), security, and flexibility. If anybody wants to
> work on that, I'm happy to support it in the University Linz context
> (i.e. as student work, thesis, etc.) and contribute to the process
> (although, depressingly but realistically, not the implementation).
>
> Rene

Since you mention Austria, I'll be based in Vienna from Oct 30th until March 3rd,
perhaps we could even arrange a dev meeting/sprint on this topic in Linz or Vienna.

.hc
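
Added example, not part of the thread and not dpkg code: a sketch of the layout discussed above, in which a signature member inside the .deb's ar archive covers control.tar.gz and data.tar.gz rather than the whole file. The member name `signature`, the digest framing and the sample bytes are assumptions constructed for illustration; a real scheme would sign this digest with a key.

```python
import hashlib

AR_MAGIC = b"!<arch>\n"
SIG_MEMBER = "signature"  # hypothetical member name, not defined in the thread

def ar_pack(members):
    """Build a minimal ar archive from (name, bytes) pairs (constructed input)."""
    out = AR_MAGIC
    for name, data in members:
        # Header: name(16) mtime(12) uid(6) gid(6) mode(8) size(10) + "`\n"
        hdr = f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n"
        out += hdr.encode() + data + (b"\n" if len(data) % 2 else b"")
    return out

def ar_members(blob):
    """Yield (name, data) for each member, rejecting malformed archives."""
    if blob[:8] != AR_MAGIC:
        raise ValueError("not an ar archive")
    pos = 8
    while pos < len(blob):
        hdr = blob[pos:pos + 60]
        if len(hdr) != 60 or hdr[58:] != b"`\n":
            raise ValueError("bad member header")
        size = int(hdr[48:58])
        data = blob[pos + 60:pos + 60 + size]
        if len(data) != size:
            raise ValueError("truncated member")
        yield hdr[:16].decode().rstrip(" /"), data
        pos += 60 + size + size % 2  # members are padded to an even offset

def signed_digest(blob):
    """SHA-256 over control.tar.* and data.tar.* only; other members are ignored."""
    h, covered = hashlib.sha256(), []
    for name, data in ar_members(blob):
        if name.startswith(("control.tar", "data.tar")):
            # Frame each member with name and length so boundaries are unambiguous.
            h.update(name.encode() + b"\0" + len(data).to_bytes(8, "big") + data)
            covered.append(name.split(".")[0])
    # A duplicated or missing member would make "what was signed" ambiguous.
    if sorted(covered) != ["control", "data"]:
        raise ValueError("need exactly one control and one data member")
    return h.hexdigest()

if __name__ == "__main__":
    pkg = [("debian-binary", b"2.0\n"),
           ("control.tar.gz", b"constructed bytes: preinst v1"),
           ("data.tar.gz", b"constructed payload")]
    print(signed_digest(ar_pack(pkg)))
    print(signed_digest(ar_pack(pkg + [(SIG_MEMBER, b"sig bytes")])))  # same digest
```

Maintainer scripts such as preinst live inside control.tar.gz, so they fall under the digest; only the signature member itself is left out.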