Re: concrete steps for improving apt downloading security and privacy

2014-07-09 Thread Kitty Cat
Thanks. I'm new here. I was not on this list then. However, I just read the thread: https://lists.debian.org/debian-security/2011/01/msg2.html I saw that some of my concerns were mentioned there about obtaining and verifying installation media, MITM attacks, etc. I have previously verified

Re: concrete steps for improving apt downloading security and privacy

2014-07-09 Thread Darius Jahandarie
On Wed, Jul 9, 2014 at 11:23 PM, Michael Stone wrote:
> I frankly find it hard to believe that someone who is unwilling to click past the first link when researching actually cares much about any kind of writeup of threat models. I'll make it simple: if you're completely unsophisticated and

Re: concrete steps for improving apt downloading security and privacy

2014-07-09 Thread Michael Stone
On Wed, Jul 09, 2014 at 11:11:44PM -0400, Darius Jahandarie wrote: If Tux Q. Debiannewbie doesn't know what adversaries with what powers they are/aren't protected against for their use cases without looking hard and being a security expert, it's hard to make serious claims that Debian is actually

Re: concrete steps for improving apt downloading security and privacy

2014-07-09 Thread Darius Jahandarie
On Wed, Jul 9, 2014 at 10:53 PM, Michael Stone wrote:
> On Wed, Jul 09, 2014 at 10:15:59PM -0400, Darius Jahandarie wrote:
>> It would be nice for this information to be somewhere more formal than in mailing list archives. Threat models are becoming increasingly important to convey to end

Re: concrete steps for improving apt downloading security and privacy

2014-07-09 Thread Michael Stone
On Wed, Jul 09, 2014 at 10:15:59PM -0400, Darius Jahandarie wrote:
> It would be nice for this information to be somewhere more formal than in mailing list archives. Threat models are becoming increasingly important to convey to end users.
The mailing list discussion referenced the sources... -

Re: concrete steps for improving apt downloading security and privacy

2014-07-09 Thread Michael Stone
On Wed, Jul 09, 2014 at 06:29:09PM -0600, Kitty Cat wrote:
> For years I have been concerned with MITM attacks on Debian mirrors.
We discussed this literally within the past couple of months on this list, at length. Have you read the archives, including the posts about how to establish a trust

Re: concrete steps for improving apt downloading security and privacy

2014-07-09 Thread Darius Jahandarie
On Wed, Jul 9, 2014 at 10:11 PM, Michael Stone wrote:
> On Wed, Jul 09, 2014 at 06:29:09PM -0600, Kitty Cat wrote:
>> For years I have been concerned with MITM attacks on Debian mirrors.
>
> We discussed this literally within the past couple of months on this list, at length. Have you read

Re: concrete steps for improving apt downloading security and privacy

2014-07-09 Thread Kitty Cat
For years I have been concerned with MITM attacks on Debian mirrors. I think the only valid solution would be to individually sign EACH package with a valid GPG signature from a trusted source. I think EACH official package from Debian should be GPG signed by both package maintainers and also sig

UNSUSCRIBE

2014-07-09 Thread virgic...@hotmail.com
THX
Message of: 08/07/2014 23:34
From: "Salvatore Bonaccorso "
To: debian-security-annou...@lists.debian.org
Cc:
Subject: [SECURITY] [DSA 2974-1] php5 security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - ---

Re: [SECURITY] [DSA 2972-1] linux security update

2014-07-09 Thread Daniel Thomas Hasbrouck
Thank you, S. B., very much. Now all I have to do is buy a new PC. Thanks again, dth
On Sun, Jul 6, 2014 at 9:16 AM, Salvatore Bonaccorso wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> - -
> Debian Securi