On Sun, Jan 25, 2004 at 06:19:28PM +0100, Horst Pflugstaedt wrote: > On Sun, Jan 25, 2004 at 04:12:59PM +0100, Erik Hjelm?s wrote: > > I've spent a few hours searching, what Im looking for is a discussion > > of different security aspects of apt, questions like > > - What are the possible threats in terms of ip spoofing, dns cache > > poisoning? (are there any solutions in terms of PKI (PGP) or similar > > discussed somewhere?) > > that issue is the same as for every web-based download.
For apt < 0.6, this is true. In apt 0.6, all binary packages are authenticated using gnupg, and so network trust is not an issue. -- - mdz
