On Sat, May 31, 2014, at 12:06 AM, micah anderson wrote:
> >> > The cryptographic signatures that are validated automatically by
> >> > apt.
> >>
> >> What's stopping the attacker from serving a compromised apt?
> >
> > apt will check that the new apt is properly signed.
>
> This entire secure artifice depends entirely on the integrity of apt,
> and presumably the various libraries that it depends on.
>
> Now I don't want to call into question the esteemed authors of said
> program, and depending libraries, but I do think that providing https
> mirrors gives us two distinct advantages over plain http:
>
> . in the case that there is a bug in apt, or gpg, or something
>   else, having https would provide at minimum a minor set of
>   defense against bulk, non-targeted quantum insert and
>   foxacid attacks, not to mention MiTM compromises from a
>   hostile local network

Yep, already mentioned this one. This is my biggest issue. I'm beginning
to think this should be classified as a security bug in Debian.

> . keeps an adversary who may be listening on the wire from
>   looking at what you are installing. who cares what you are
>   installing? well it turns out that is very interesting
>   information. If you can see that I've just installed X
>   package, and you then just look over at our security tracker
>   and find that this package has an exploit...

It's only metadata, so who cares right?

Only kidding. This is a totally legitimate scenario which I didn't think
of. Nice.

Alfie

--
Alfie John
alf...@fastmail.fm