On Fri, Dec 05, 2003 at 12:24:07AM +0100, Goswin von Brederlow wrote:

> Matt Zimmerman <[EMAIL PROTECTED]> writes:
> 
> > Release signing protects against a hostile or compromised mirror,
> > network, DNS server, proxy server, and a host of other, similar attacks,
> > and also prevents most forms of the "substitute old, vulnerable
> > packages" attack.
> 
> Any compromise happening before the package left ftp-master.d.o is not
> covered by this. That means that if master is compromised a vulnerable
> binary can be slipped into the archive and nothing will detect it.

So the only real-world attack which is addressed by signed debs is an
ftp-master compromise?  This is the only answer you have given to my
original question.

-- 
 - mdz

