On Sat, Oct 25, 2008 at 02:33, Kees Cook <[EMAIL PROTECTED]> wrote:
> [...]
>
> Additionally, it doesn't matter -- it's just the md5 in the email
> announcement. The Release and Packages files for the archive have SHA1
> and SHA256. The md5 from the announcement is almost not important,
> IMO --
On Sun, Apr 6, 2008, Bernd Eckenfels <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]> you wrote:
> > I trust the archive maintainers and have a secure way to get a copy of
> > their public key. I don't trust individual developers and cannot have
> > all of their keys securely distribu
On Sun, Apr 6, 2008, Bernd Eckenfels <[EMAIL PROTECTED]> wrote:
>
> It should be possible to verify the package on install time. (Especially
> when not using apt-get).
>
> Not sure if debsig-verify can work in that environment.
debsig-verify is not applicable in my case. It implements a differe
On Sun, Apr 6, 2008, Julien Stuby <[EMAIL PROTECTED]> wrote:
> Hi,
>
> If some packages are localy modified, This suggests that your local system
> is already compromised.
> :¬
Of course. I will be verifying the integrity of my .deb files from
another, more trusted system (a LiveCD or a hardene
I would like to verify that some .deb files I downloaded a while ago
(using apt) haven't been tampered with. (Actually, I'll be doing this
kind of thing more than once.) I have the appropriate Release,
Release.gpg and Packages files.
As the apt-secure(8) manual page states, apt verifies the integr
On 7/11/07, Alec Berryman <[EMAIL PROTECTED]> wrote:
I can't speak for the security team, but the testing security team could
always use more people doing what you apparently already do - determine
which new CVEs affect Debian and find ways to get those issues fixed.
Actually I'm not currently
On 7/11/07, Martin Schulze <[EMAIL PROTECTED]> wrote:
Do you know about
http://www.debian.org/security/nonvulns-etch
Oh, that's great. I should have read the website more carefully! Thanks.
What about providing a more elaborate summary for some issues? Some
entries merely say that the bug is
I would like to propose that Debian security teams publish a short
report each time they review a vulnerability in a program that's
included in Debian and find that the vulnerability does *not* affect
Debian.
Problem description
When I maintain a secure machine, I naturally want to keep it secur
>On Wed, 11 Feb 2004 01:41:13 +, I wrote:
>The idea of removing the "-bd" switch from the Exim startup line in
>/etc/init.d/exim is appealing, though I guess I'd have to remember to
>make that amendment every time a major upgrade occurred ... in that
>context, I suppose editing exim.conf is mor
>On Wed, 11 Feb 2004 01:41:13 +, I wrote:
>The idea of removing the "-bd" switch from the Exim startup line in
>/etc/init.d/exim is appealing, though I guess I'd have to remember to
>make that amendment every time a major upgrade occurred ... in that
>context, I suppose editing exim.conf is mor
ted.
Feel free not to send your reply to debian-security if my problem is not
related to security in any way.
Please cc your reply to me.
Please point an appropriate place (a mailing list, a newsgroup) to ask
more about my problem if it cannot be related to security.
Regards,
Alexander K
ted.
Feel free not to send your reply to debian-security if my problem is not
related to security in any way.
Please cc your reply to me.
Please point an appropriate place (a mailing list, a newsgroup) to ask
more about my problem if it cannot be related to security.
Regards,
Alexander K
12 matches
Mail list logo