On Mon, Mar 08, 2010 at 05:59:13PM -0500, Joey Hess wrote:
> Russ Allbery wrote:
> > The missing link, in this validation scenario, is how to get a signed copy
> > of the MD5 checksums of the files in the package.
>
> That's one missing link. The other one is that there are innumerable
> ways for an attacker to inject bad behavior/backdoors onto a system
> without touching binaries originating from dpkg.

Signatures don't prevent bugs, they don't prevent trojans, they don't prevent attacks on SSH. But they let you *detect* attacks. It's not that easy to install a root kit that hides all changes and you can always boot from a trusted medium to check your files. Without signatures, you can't, or at least it's a lot harder.

> Expecting debsums to
> protect against any form of attack is bound to result in a false sense
> of security;

I don't expect that.

harry