Re: apt-get security question

2003-03-08 Thread Rob Weir
On Fri, Mar 07, 2003 at 10:08:59AM -0500, Bob Paige wrote:
> I am curious about how secure the apt-get system is; is it possible to
> spoof a debian server and thus send compromised updates to a given machine?

Yes, since apt-get doesn't check signatures, yet. Search the debian-devel archives for

Re: apt-get security question

2003-03-07 Thread nate
Bob Paige said:
>
> But in your case, the maintainer put up some bogus packages.
>
> What I'm really thinking about is the appropriateness of using Debian for
> a Linux-based appliance. At my work they have Linux appliances, but they
> are always based on RedHat. I would think the apt-get functio

Re: apt-get security question

2003-03-07 Thread Vineet Kumar
* Bob Paige <[EMAIL PROTECTED]> [20030307 11:53 PST]:
> So, what is the chance that someone could spoof access to an update
> server? Does apt-get provide some sort of security (i.e. ssh connection
> to the server, or digital signatures on the packages)?

You can use signed packages for something

Re: apt-get security question

2003-03-07 Thread Bob Paige
nate wrote: Bob Paige said: I am curious about how secure the apt-get system is; is it possible to spoof a debian server and thus send compromised updates to a given machine? If you have 3rd party apt sources in your sources.list it is very easy to spoof an update. Which is one reason I do

Re: apt-get security question

2003-03-07 Thread nate
Bob Paige said:
> I am curious about how secure the apt-get system is; is it possible to
> spoof a debian server and thus send compromised updates to a given
> machine?

If you have 3rd party apt sources in your sources.list it is very easy to spoof an update. Which is one reason I don't have 3rd p

apt-get security question

2003-03-07 Thread Bob Paige
I am curious about how secure the apt-get system is; is it possible to spoof a debian server and thus send compromised updates to a given machine? -- Bobman