On Mon, Aug 23, 2004 at 01:03:54AM +0200, martin f krafft wrote:
> Debian did not have package signatures for years, and it's been
> rarely a problem. Now we are going to add them, but the sole effect
> is that of a false security feeling. To me, APT 0.6 is snake oil,
> which is *not* an offence to the guys behind apt-secure. It's
> a criticism of the organisation as a whole, and it's a rant without
> a solution that I can propose.

While you have a point that the huge number of people with full write access to the archive is a problem, I still think that apt 0.6 serves a purpose: It makes local mirrors more secure.

And that is an important point: While an attack against central Debian infrastructure could compromise a huge number of users at once, it's likely to get detected quite soon. Therefore, it's a likely target for some random hacker group trying to get mentioned on slashdot.

But more dangerous attackers, like companies trying to spy on their competitors, are more likely to target a local mirror. And a compromise of a local mirror, perhaps modifying it in a way that it only gives modified packages to a certain client, is very likely to stay undetected for a long time. But that's exactly the kind of compromise which would be caught by apt 0.6 immediately.

> I think, adding package signatures will actually make Debian less
> secure than it was before, although it's doubtful that the average
> user will notice or care.

I don't think so. It's just very important to understand that apt can only close a few attack vectors.

Jan