On Thu, 2009-09-17 at 23:02 -0400, Michael S Gilbert wrote:
> checksums are a good start, but if the data itself is non-free (or
> closed or obscured), then how can you be sure it is not malicious?

Of course not at all... but we should try to secure as much as possible and close as many holes as possible.

In case of closed source, if upstream goes evil, we will never be able to do anything.

Perhaps one should split those sources out of non-free, so that:
non-free == non-dfsg compliant, but "open source code".
closed-section == non-dfsg and closed (e.g. Adobe flash).

Of course one could ban such totally closed software completely from debian, but I think this would be a bad idea; at least some of it is quite important (e.g. nvidia) for so many users. But a section of its own could be worth it.

If it's not upstream that gets evil, but just some man-in-the-middle attack, verifying closed source stuff will still improve security, as I've described in my mail before.

> i think it is a matter of trust, and maybe the key would be that scripts
> should only accept the external data if it is signed and hashed by an
> authenticated DD's gpg key.

Yeah, as I've said, the signatures/hashes to those files/data/code should always be under Debian's control. Just downloading (https-secured) md5 hashes from Adobe's website, for example, and verifying them against the most recent flash version should NOT be done by the package. This should be done by the Debian maintainer.

Cheers,
Chris.
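
The check described in the mail above, as an added example that is not part of the original message or of any Debian package: an installer script accepts a downloaded file only if it matches a hash the maintainer pinned and shipped inside the package, and never a hash fetched from the upstream site. Assumptions: the manifest is in `sha256sum` format (SHA-256 instead of the md5 mentioned in the mail), and the function names, file names and sample contents are hypothetical.

```shell
#!/bin/sh
# Added example: check externally downloaded data against a checksum that the
# maintainer pinned at packaging time and shipped inside the package.
# All file names and the manifest layout are hypothetical.

# verify_external FILE MANIFEST
#   MANIFEST lines use sha256sum format: "<sha256-hex>  <basename>".
#   Returns 0 = matches pinned hash, 1 = mismatch, 2 = unreadable / no pinned entry.
verify_external() {
    file=$1 manifest=$2
    [ -r "$file" ] && [ -r "$manifest" ] || return 2
    name=$(basename "$file")
    # Look up the pinned hash for exactly this name ("*" marks binary mode).
    pinned=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
                               f == n { print $1; exit }' "$manifest")
    [ -n "$pinned" ] || return 2      # fail closed: file was never pinned
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$actual" = "$pinned" ]         # function status: 0 match, 1 mismatch
}

# Constructed sample data so the example runs offline.
demo_setup() {
    DEMO_DIR=$(mktemp -d)
    printf 'vendor blob v1\n' > "$DEMO_DIR/plugin.tar.gz"
    # Maintainer side: hash computed once and shipped with the package.
    ( cd "$DEMO_DIR" && sha256sum plugin.tar.gz > pinned.sha256 )
    # Simulated man-in-the-middle: same file name, different content.
    mkdir "$DEMO_DIR/mitm"
    printf 'vendor blob v1, modified in transit\n' > "$DEMO_DIR/mitm/plugin.tar.gz"
    # A download the maintainer never pinned.
    printf 'unlisted\n' > "$DEMO_DIR/other.bin"
}

demo() {
    demo_setup
    for f in plugin.tar.gz mitm/plugin.tar.gz other.bin; do
        rc=0
        verify_external "$DEMO_DIR/$f" "$DEMO_DIR/pinned.sha256" || rc=$?
        echo "$f -> status $rc"
    done
    rm -rf "$DEMO_DIR"
}

demo
```

This only detects changes made after the maintainer computed the hash; as the mail says, it cannot show that a closed upstream blob was benign to begin with.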