On Thu, 2009-02-19 at 15:28 +0100, Thijs Kinkhorst wrote: > I do not understand what security problem could arise that using the > Release file signing could alleviate. Suppose I supplied a crafted > version, what then? Well of course the information provided via apt-file is probably not that most security critical ;-) ...
> The Release files do not currently sign the Contents files. I cannot think > of what we should gain with doing that. ...anyway should these be ever signed (perhaps this can be requested) it's generally worth to secure things. It doesn't cost much, and makes everything more secure. Perhaps we cannot even think right now about possible scenarios, where information provided by apt-file might be indeed security critical. > It seems very hard to create a md5-colliding Contents file that is still > parsed by apt-file.. Of course,.. but 5-6 years ago everybody thought it would be difficult to create any md5 collision... now we now it better.... in 4 years it might be done in a few minutes,.. even with reasonable contents. Why should one ever use a broken algorithm,.. if there are better ones?! Best wishes, Chris.
smime.p7s
Description: S/MIME cryptographic signature
