On Sat, May 31, 2014, at 12:11 AM, Michael Stone wrote:
> On Fri, May 30, 2014 at 11:50:32PM +1000, Alfie John wrote:
> > Several times (public and private) I tried to explain how the
> > download of APT (the binary itself) on an initial Debian install
> > could be compromised via MITM since it's over plaintext. Then the
> > verification of packages could simply be skipped (hence NOP). I'm not
> > sure why you're bringing libc and libgpg into the conversation.
>
> You were given a solution which is cryptographically sound and with a
> verifiable trust path, and you're rejecting it because you simply
> don't like it and would rather see a different solution with a weaker
> trust path. I'm not sure why you're continuing this argument.

I'm not rejecting it. I'm pretty happy with verifying packages via checksums hosted on a canonical Debian HTTPS site. My reaction was referring to Reid Sutherland's comments telling me in private that there was nothing to fear because there are smarter people in the room looking after everything.

> If you want to engage in a serious discussion about enhancing the
> current implementation or adding additional options, I'd suggest that
> you first study how the current implementation works, why it was
> implemented the way it was, the constraints inherent in the
> distributed mirror model, etc.

I'm definitely wanting to engage in serious discussion. I'm an avid Debian user and am wanting to protect its users. This *is* the Debian security mailing list after all, right? All I was trying to do is ask questions as to why it is currently not being HTTPS-enforced and I got flamed for it. I understand the issue of distributing to mirrors and then the problem of trusting each other, but that's another discussion entirely.

Alfie

--
Alfie John
alf...@fastmail.fm

Archive: https://lists.debian.org/1401460379.27062.123315561.30584...@webmail.messagingengine.com
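As an added example that is not part of this thread (it is not Alfie's, Michael's or Debian's code), here is the check Alfie describes as acceptable: files fetched from a mirror are compared against a SHA256SUMS-style listing obtained from the canonical HTTPS site. The file names, their contents and the listing are all constructed for the example. The script assumes the listing itself arrived over an authenticated channel; it cannot verify that, which is exactly the point of the thread: a checksum file fetched over the same plaintext path as the artifacts adds nothing.

```python
import hashlib
import hmac
import re

# Constructed sample artifacts (names and contents invented for this
# example); in practice these are the files pulled from a mirror.
ARTIFACTS = {
    "apt-binary-EXAMPLE.deb": b"constructed apt package bytes",
    "debian-installer-EXAMPLE.iso": b"constructed installer image bytes",
}


def build_sums(files):
    """Render a SHA256SUMS-style listing ('<hex digest>  <name>' per line).
    Used here only to construct the sample; the real listing must come from
    the authenticated (HTTPS, canonical) origin, never from the mirror."""
    return "".join(
        f"{hashlib.sha256(data).hexdigest()}  {name}\n" for name, data in files.items()
    )


# One entry per line: 64 lowercase hex chars, whitespace, optional '*'
# (the binary-mode marker some tools emit), then the file name.
SUM_LINE = re.compile(r"^([0-9a-f]{64})\s+\*?(\S.*)$")


def parse_sums(text):
    """Parse the listing into {name: digest}. A malformed line is an error,
    not something to skip: a truncated or edited checksum file must not
    quietly shrink the set of files that get verified."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = SUM_LINE.match(line)
        if m is None:
            raise ValueError(f"malformed checksum line {lineno}: {line!r}")
        entries[m.group(2)] = m.group(1)
    return entries


def verify_artifacts(sums_text, files):
    """Check every downloaded file against the listing.
    Returns {name: 'ok' | 'mismatch' | 'unlisted'}; a file with no entry in
    the listing is reported as such, never assumed good."""
    expected = parse_sums(sums_text)
    results = {}
    for name, data in files.items():
        if name not in expected:
            results[name] = "unlisted"
            continue
        actual = hashlib.sha256(data).hexdigest()
        matched = hmac.compare_digest(actual, expected[name])
        results[name] = "ok" if matched else "mismatch"
    return results


def all_verified(results):
    """True only when there was at least one file and every file matched."""
    return bool(results) and all(status == "ok" for status in results.values())


if __name__ == "__main__":
    sums = build_sums(ARTIFACTS)
    print(verify_artifacts(sums, ARTIFACTS))
    # Simulate one artifact being altered between the origin and the client.
    tampered = {**ARTIFACTS, "apt-binary-EXAMPLE.deb": b"bytes swapped in transit"}
    print(verify_artifacts(sums, tampered), all_verified(verify_artifacts(sums, tampered)))
```

The result is a per-file status rather than a single boolean so that an installer can report which artifact failed; `all_verified` is the gate an install step should key on, and it refuses an empty result set so that "nothing to check" cannot pass as success.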