On 2014-09-25 06:24, Hans-Christoph Steiner wrote: > > W. Martin Borgert wrote: >> On 2014-09-24 23:05, Hans-Christoph Steiner wrote: >>> * the signature files sign the package contents, not the hash of >>> whole .deb file (i.e. control.tar.gz and data.tar.gz). >> So preinst and friends would not be signed? Sounds dangerous to me. > All package contents would be signed, except the signature itself. The > signature would be a separate file in the ar archive of the .deb that signs > control.tar.gz and data.tar.gz. See jar or apk format for an example of how > this works. I know I'm late to the discussion, but for the record, I fully agree with this approach as the probably best compromise between usability (don't underestimate that, see the emergence of the various "app shops" for Linux applications), security, and flexibility. If anybody wants to work on that, I'm happy to support it in the University Linz context (i.e. as student work, thesis, etc.) and contribute to the process (although, depressingly but realistically, not the implementation).
Rene -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543cde75.7050...@debian.org
