On Fri, May 30, 2014 at 11:50:32PM +1000, Alfie John wrote:
Several times (public and private) I tried to explain how the download of APT (the binary itself) on an initial Debian install could be compromised via MITM since it's over plaintext. Then the verification of packages could simply be skipped (hence NOP). I'm not sure why you're bringing libc and libgpg into the conversation.
You were given a solution which is cryptographically sound and with a verifiable trust path, and you're rejecting it because you simply don't like it and would rather see a different solution with a weaker trust path. I'm not sure why you're continuing this argument.
If you want to engage in a serious discussion about enhancing the current implementation or adding additional options, I'd suggest that you first study how the current implementation works, why it was implemented the way it was, the constraints inherent in the distributed mirror model, etc.
-- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140530141153.gb29...@mathom.us
