Bob Paige said:

> > But in your case, the maintainer put up some bogus packages.
>
> What I'm really thinking about is the appropriateness of using Debian for
> a Linux-based appliance. At my work they have Linux appliances, but they
> are always based on RedHat. I would think the apt-get functionality would
> be much more reliable than RPM-hell.
>
> In the debian-appliance scenario I don't think you'd want to use the
> standard debian sources. Rather, you'd want to control them, for example
> the manufacturer of the appliance could run a server of approved/tested
> updates. That way we could provide application updates in addition to
> security updates to a customer box.
>
> So, what is the chance that someone could spoof access to an update
> server? Does apt-get provide some sort of security (i.e. ssh connection
> to the server, or digital signatures on the packages)?
apt stores/checks (I think) MD5sums of packages (not sure if all of them have MD5sums or not).

It's real easy to set up your own Debian mirror; I had 2 at my last employer, where we had about 45 Debian systems in 2 states. Made updates and installs lightning fast :)

There are no digital signatures on the packages themselves as far as I know, nor is there a publicly available archive accessible via some sort of encryption method.

Debian is very ideal for appliances; many existing Linux appliances are based on Debian from what I have seen, probably mostly due to the high QA quality of the Debian project. Check out www.linuxdevices.com, they list most (all?) known Linux embedded devices. My grandfather's ThinkNIC internet appliance is based on Debian as well, though there is no dpkg or apt on it; it's REAAAALY stripped down.

Though since apt-get uses simple FTP and HTTP, you can easily tunnel these across a VPN or, in the case of HTTP, across stunnel as well. One of the things I love about Linux (and Unix to a lesser extent) is how well the different tools can work together, extending the functionality of existing software without modifying the existing software in any way. I use stunnel now to encrypt LDAP and MySQL connections.

All in all I'd strongly recommend Debian over RedHat: the packages are much more fine-grained (many apps are split up into many many different packages depending on the functionality you need), the high QA quality, the long release cycles, the "reputation" of the "stable" tree for being "stable", etc. You can even use dpkg-repack to back up existing packages before upgrading; though downgrading a package is not always foolproof, at least you'd have a copy of the most recent version of the package.

nate
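The per-package MD5sum check nate describes, and why it does not answer Bob's spoofed-update-server question, as an added example. This is not apt's code and not part of the original thread: it re-implements the check against a Packages index stanza and a .deb body that are both constructed inline, and `example-tool` with its pool path is a made-up name. The second scenario shows the gap the thread is circling: a checksum carried in an unsigned index only proves the .deb matches what the mirror says it should be, so whoever controls or spoofs the mirror can rewrite both.

```python
"""Re-implementation of the per-package MD5sum check discussed in the thread.

Added example, not apt's code. The Packages stanza and the .deb bytes are
constructed here so the script runs offline; on a real mirror the stanza
comes from dists/<suite>/<component>/binary-<arch>/Packages and the .deb
from the pool/ path named in its Filename field.
"""
import hashlib

# Constructed stand-ins for the .deb the mirror serves. Only the bytes'
# length and digest matter to the check, not the (fake) archive content.
GOOD_DEB = b"!<arch>\ndebian-binary  constructed honest package body  2.0\n"
EVIL_DEB = b"!<arch>\ndebian-binary  constructed backdoored package body  2.0\n"

# Made-up package name and pool path used throughout the example.
FILENAME = "pool/main/e/example-tool/example-tool_1.0-1_i386.deb"


def md5hex(data: bytes) -> str:
    """Hex MD5 digest, the value recorded in a Packages stanza's MD5sum field."""
    return hashlib.md5(data).hexdigest()


def make_packages_index(deb: bytes) -> str:
    """Build a one-stanza Packages index describing `deb` (constructed data)."""
    return (
        "Package: example-tool\n"
        "Version: 1.0-1\n"
        "Architecture: i386\n"
        f"Filename: {FILENAME}\n"
        f"Size: {len(deb)}\n"
        f"MD5sum: {md5hex(deb)}\n"
        "Description: constructed example package\n"
        "\n"
    )


def parse_packages(index: str) -> dict:
    """Parse a Packages file into {Filename: {field: value}}.

    Stanzas are blank-line separated; lines starting with whitespace are
    continuations of the previous field and are skipped here.
    """
    stanzas = {}
    cur = {}
    for line in index.splitlines():
        if not line.strip():
            if cur:
                stanzas[cur["Filename"]] = cur
                cur = {}
            continue
        if line[0] in " \t":
            continue
        key, _, value = line.partition(":")
        cur[key.strip()] = value.strip()
    if cur:
        stanzas[cur["Filename"]] = cur
    return stanzas


def verify_deb(index: str, filename: str, deb: bytes) -> bool:
    """True iff `deb` matches the Size and MD5sum the index records for it."""
    stanza = parse_packages(index).get(filename)
    if stanza is None:
        return False
    if int(stanza["Size"]) != len(deb):
        return False
    return md5hex(deb) == stanza["MD5sum"]


HONEST_INDEX = make_packages_index(GOOD_DEB)


def tampered_deb_detected() -> bool:
    """Scenario 1: honest index, attacker swaps only the .deb. Caught."""
    return not verify_deb(HONEST_INDEX, FILENAME, EVIL_DEB)


def tampered_mirror_undetected() -> bool:
    """Scenario 2: attacker controls the mirror and rewrites the index too.

    Nothing signs the index, so the forged MD5sum matches the forged .deb
    and the check passes. This is what package/index signatures or an
    authenticated transport (VPN, stunnel) would have to close.
    """
    forged_index = make_packages_index(EVIL_DEB)
    return verify_deb(forged_index, FILENAME, EVIL_DEB)


if __name__ == "__main__":
    print("honest deb verifies:", verify_deb(HONEST_INDEX, FILENAME, GOOD_DEB))
    print("swapped deb caught:", tampered_deb_detected())
    print("swapped deb + forged index caught:", not tampered_mirror_undetected())
```

The check is only as trustworthy as the channel that delivered the index. Pinning the mirror through a VPN or stunnel, as nate suggests, moves the trust to that tunnel's endpoint authentication; an appliance vendor running its own update server would still want the index itself signed so a compromised or spoofed mirror cannot rewrite both halves.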