On Fri, Oct 18, 2002 at 08:20:14AM -0500, Joseph Pingenot wrote:
> If people are interested enough in it, I might throw together something
>   more formal.

IMHO there is no lack of interesting ideas - what we really need are
implementations. 

apt-check-sigs is a nice proof-of-concept, and the debsigs stuff could
also improve security significantly. Together, I'd say they'd suffice to
make the debian mirrors extremely tamper-proof. 

But apt-check-sigs is lacking nice integration into existing tools, and
debsigs doesn't really work, because packages are not signed, which is
IMHO caused by inappropriate helper tools at packaging time.

So implementing these tools, and then changing policy to make package
signatures mandatory, seems to be the most feasible approach.

Writing new proposals for advanced security schemes doesn't help and may
even delay implementation of working mechanismns.

Jan

Reply via email to