On Thu, Dec 04, 2003 at 03:03:39AM +0100, Goswin von Brederlow wrote: > Signed debs establish a trust chain from the buildd to the user and > from the buildd-admin/maintainer to the user as well as copy the > existing trust chain from ftp-master to the user into the deb itself. > > The Release.gpg only protects against a mirror being hacked. Checking > it is important but not as powerfull as a signature in the deb.
This sounds backwards. Release signing protects against a hostile or compromised mirror, network, DNS server, proxy server, and a host of other, similar attacks, and also prevents most forms of the "substitute old, vulnerable packages" attack. What kind of real world attacks do signed debs prevent? Not a compromised buildd, or a compromised maintainer's workstation. -- - mdz
