Sam Tygier wrote:
> it looks like they have got the security side covered.
>
> "Now, one might think this could potentially pose a security threat
> as everyone can offer and distribute debs without any
> authentication whatsoever. This is not the case as we are not yet
> caching the package lists or pdiffs, which are PGP-signed and
> contain MD5, SHA1 and SHA256 checksums of the packages. But due to
> the trusted PGP signatures, caching package lists shouldn't be an
> issue."
>
> Is there any reason this would not be sufficient?

I see many ways to trick someone into installing newer versions of
existing common packages that include malicious files, using
apt-zeroconf. You'd be surprised how many people will click through any
amount of security warnings if approached with authority by a neighbor.
An Internet cafe comes to mind, but many other public places would also
serve this purpose. You'd guess I love being paranoid about this.

> The only thing I can imagine is some sort of DOS attack by sending
> a large number of requests to one machine. Maybe checking for
> shared packages on the network could be enabled by default, but
> sharing disabled. The option to enable sharing could be in System
> -> Administration -> Software Sources

If this was actually checked against a local web of trust (like OpenPGP
or Gaim-OTR keys or else) it may become interesting. But who uses that
"safely"? :)
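
The check the quoted apt-zeroconf text relies on, as an added example that is not part of the original message or of apt-zeroconf's code: a .deb fetched from an untrusted peer is accepted only if its size and SHA256 match an entry in the signed package list. The function names and sample data are constructed for illustration, and the Packages text is assumed to have already been matched against the PGP-verified Release file.

```python
import hashlib

# Constructed sample data. The Packages text is assumed to have been checked
# already against the PGP-verified Release file; that step is not shown.
GOOD_DEB = b"constructed stand-in for hello_2.2-1_i386.deb"
PACKAGES = """\
Package: hello
Version: 2.2-1
Size: {size}
SHA256: {sha}
Description: constructed entry
 continuation line that the parser must skip

Package: other
Version: 1.0
Size: 10
SHA256: {zero}
""".format(size=len(GOOD_DEB), sha=hashlib.sha256(GOOD_DEB).hexdigest(),
           zero="0" * 64)


def parse_packages(text):
    """Return {(package, version): fields} from a Packages index."""
    index = {}
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t"):  # continuation of previous field
                continue
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        if "Package" in fields and "Version" in fields:
            index[(fields["Package"], fields["Version"])] = fields
    return index


def check_peer_deb(index, package, version, data):
    """Accept bytes from an untrusted peer only if the signed index lists them."""
    entry = index.get((package, version))
    if entry is None:
        return "reject: version not in signed index"
    if len(data) != int(entry["Size"]):
        return "reject: size mismatch"
    if hashlib.sha256(data).hexdigest() != entry["SHA256"]:
        return "reject: sha256 mismatch"
    return "accept"


INDEX = parse_packages(PACKAGES)
```

The lookup by package and version is what rejects a "newer version" offered by a peer when the signed index never listed it.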