Re: task-laptop: please recommend automatic apt proxying

2021-09-15 Thread Russ Allbery 
Russ Allbery  writes:

> Please do not do this.  I do not want to have to reason about the
> security impact of someone who controls local DNS taking over my apt
> sources.

Incidentally, this is also exactly why I believe we should be using https
by default, so that a compromise of the local DNS to point to an untrusted
apt server fails at the TLS certificate validation stage rather than
continuing on to talk to an untrusted apt server for sufficiently long to
start downloading files and checking signatures and thus exposing more
attack surface.

-- 
Russ Allbery (r...@debian.org)

Re: task-laptop: please recommend automatic apt proxying

2021-09-15 Thread Russ Allbery 
Phil Morrell  writes:

> Package: task-laptop
> Version: 3.53
> Severity: wishlist

> I'm not sure on the difference between auto-apt-proxy and
> squid-deb-proxy-client. Avahi is already pulled in by task-laptop.

Please do not do this.  I do not want to have to reason about the security
impact of someone who controls local DNS taking over my apt sources.  I
understand that people believe that this is harmless because of apt
signature checking, but it still opens more attack paths and routes to
exercise other possible vulnerabilities.

The safe default for Debian in any standard installation mode, which I
believe includes tasks, is to talk explicitly to Debian infrastructure.
If people would like to improve local performance, they should automate
the configuration of the machines that they control, with the permission
and understanding of the people who are using those machines.

We should not enable people who control the local network but not the
Debian system to dynamically change security-relevant configuration of
that system, which I believe includes apt sources, without explicit
permission.

-- 
Russ Allbery (r...@debian.org)

task-laptop: please recommend automatic apt proxying

2021-09-15 Thread Phil Morrell 
Package: task-laptop
Version: 3.53
Severity: wishlist

I'm not sure on the difference between auto-apt-proxy and
squid-deb-proxy-client. Avahi is already pulled in by task-laptop.


On Fri, Sep 10, 2021 at 09:33:56AM +0200, Helmut Grohne wrote:
> On Wed, Sep 08, 2021 at 07:12:18PM -0400, Michael Stone wrote:
> > Why not simply automate setting it at install time using preseed? I'm
> > honestly not sure who the target audience for auto-apt-proxy is
> 
> Laptops of end-user systems are the target, but also developers. When
> people gather at a place (conference, hackspace, private meetup, etc.)
> downloading of .debs should just work quickly by default. Many such
> sites could easily provide a local cache and a number even do. BSPs tend
> to have a blackboard with information including the local mirror to use.
> Seriously, how many people change their mirror when they go to a BSP? If
> we installed auto-apt-proxy by default, much of the local caching would
> just work.



-- System Information:
Debian Release: 10.10
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-debug'), (500, 
'oldstable'), (100, 'buster-fasttrack'), (100, 'buster-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-17-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_CRAP, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages task-laptop depends on:
ii  anacron  2.3-28
ii  tasksel  3.53

Versions of packages task-laptop recommends:
ii  avahi-autoipd   0.7-4+deb10u1
ii  bluetooth   5.50-1.2~deb10u2
ii  iw  5.0.1-1
ii  powertop2.8-1+b2
ii  wireless-tools  30~pre9-13
ii  wpasupplicant   2:2.7+git20190128+0c1e29f-6+deb10u3

task-laptop suggests no packages.

-- no debconf information


signature.asc
Description: PGP signature