On 2014-09-25 06:24, Hans-Christoph Steiner wrote:
> W. Martin Borgert wrote:
> > On 2014-09-24 23:05, Hans-Christoph Steiner wrote:
> > > * the signature files sign the package contents, not the hash of
> > > whole .deb file (i.e. control.tar.gz and data.tar.gz).
> > So preinst and friends would not be signed? Sounds dangerous to me.
> All package contents would be signed, except the signature itself. The
> signature would be a separate file in the ar archive of the .deb that signs
> control.tar.gz and data.tar.gz. See jar or apk format for an example of how
> this works.
I know I'm late to the discussion, but for the record, I fully agree
with this approach as the probably best compromise between usability
(don't underestimate that, see the emergence of the various app shops
for Linux applications), security, and flexibility. If anybody wants to
work on that, I'm happy to support it in the University Linz context
(i.e. as student work, thesis, etc.) and contribute to the process
(although, depressingly but realistically, not the implementation).
Rene
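The scheme discussed above, as an added toy model (not code from the thread, from dpkg or from any Debian tool): a .deb is an `ar` archive with the members debian-binary, control.tar.gz and data.tar.gz, and the signature travels as one extra member that covers control.tar.gz and data.tar.gz in the jar/apk manner (a manifest of per-member digests plus a tag over that manifest). The member name `_signature` and the HMAC used in place of a real public-key signature are assumptions made for this example only; the sample package contents are constructed. It also shows the answer to the preinst concern: preinst lives in control.tar.gz, so editing it after signing makes verification fail.

```python
"""Toy model of a detached in-archive .deb signature (added example; the
member name `_signature` and the HMAC stand-in for a public-key signature
are assumptions, not anything dpkg or the thread specifies)."""
import hashlib
import hmac
import io
import tarfile

AR_MAGIC = b"!<arch>\n"
SIGNED_MEMBERS = ("control.tar.gz", "data.tar.gz")
SIG_MEMBER = "_signature"  # assumed name, not a real dpkg member


def ar_pack(members):
    """Build an ar archive from [(name, bytes), ...] (60-byte headers)."""
    out = bytearray(AR_MAGIC)
    for name, data in members:
        hdr = (name.ljust(16) + "0".ljust(12) + "0".ljust(6) + "0".ljust(6)
               + "100644".ljust(8) + str(len(data)).ljust(10) + "`\n")
        out += hdr.encode("ascii") + data
        if len(data) % 2:
            out += b"\n"  # ar pads each member to an even length
    return bytes(out)


def ar_unpack(blob):
    """Parse an ar archive into an ordered list of (name, bytes)."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos, members = len(AR_MAGIC), []
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("corrupt ar header")
        name = hdr[0:16].decode("ascii").rstrip(" /")
        size = int(hdr[48:58].decode("ascii").strip())
        pos += 60
        members.append((name, blob[pos:pos + size]))
        pos += size + (size % 2)
    return members


def manifest(members):
    """jar/apk-style manifest: one 'name sha256' line per signed member."""
    lookup = dict(members)
    lines = []
    for name in SIGNED_MEMBERS:
        if name not in lookup:
            raise ValueError(f"missing {name}")
        lines.append(f"{name} {hashlib.sha256(lookup[name]).hexdigest()}")
    return "\n".join(lines).encode() + b"\n"


def sign_deb(deb_bytes, key):
    """Append a signature member covering control.tar.gz and data.tar.gz."""
    members = [m for m in ar_unpack(deb_bytes) if m[0] != SIG_MEMBER]
    man = manifest(members)
    tag = hmac.new(key, man, hashlib.sha256).hexdigest().encode()
    return ar_pack(members + [(SIG_MEMBER, man + b"hmac-sha256 " + tag + b"\n")])


def verify_deb(deb_bytes, key):
    """True only if a signature member exists, its tag checks out, and the
    signed digests match the control.tar.gz and data.tar.gz actually present."""
    members = ar_unpack(deb_bytes)
    sig = dict(members).get(SIG_MEMBER)
    if sig is None:
        return False
    man, _, tagline = sig.rstrip(b"\n").rpartition(b"\n")
    man += b"\n"
    if not tagline.startswith(b"hmac-sha256 "):
        return False
    expected = hmac.new(key, man, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tagline[len(b"hmac-sha256 "):]):
        return False
    try:
        return man == manifest([m for m in members if m[0] != SIG_MEMBER])
    except ValueError:
        return False


def make_tar_gz(files):
    """Constructed fixture: a small tar.gz from {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_sample_deb(preinst=b"#!/bin/sh\necho preinst\n"):
    """Constructed unsigned package; preinst sits inside control.tar.gz."""
    control = make_tar_gz({"./control": b"Package: demo\nVersion: 1.0\n",
                           "./preinst": preinst})
    data = make_tar_gz({"./usr/bin/demo": b"#!/bin/sh\necho hi\n"})
    return ar_pack([("debian-binary", b"2.0\n"),
                    ("control.tar.gz", control), ("data.tar.gz", data)])


def tamper_preinst(deb_bytes):
    """Swap control.tar.gz for one with an edited preinst, keeping the old signature."""
    new_control = dict(ar_unpack(build_sample_deb(b"#!/bin/sh\necho tampered\n")))["control.tar.gz"]
    return ar_pack([(n, new_control if n == "control.tar.gz" else d)
                    for n, d in ar_unpack(deb_bytes)])


if __name__ == "__main__":
    key = b"constructed-demo-key"
    signed = sign_deb(build_sample_deb(), key)
    print("intact:", verify_deb(signed, key), "tampered:", verify_deb(tamper_preinst(signed), key))
```

The verifier deliberately recomputes the manifest from the members that are present rather than trusting the signed list alone, so a package whose control.tar.gz was replaced after signing fails even though the signature member itself is untouched; swapping the HMAC for a real OpenPGP or RSA signature over the same manifest bytes is the only change a real implementation would need at this layer.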
Archive: https://lists.debian.org/543cde75.7050...@debian.org