-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Tue, Dec 20, 2016 at 12:37:21PM -0500, Chris Laprise wrote: > Regarding the "Alternate Patching Method" using normal apt update: Its > possible the template was attacked via updates even before the bug was > announced, or sometime between the Debian announcement and now. The "check > InRelease" only helps if the attack occurs only during the next update and > not before. Otherwise, the user has no way of knowing if their template has > been compromised before doing this special update procedure. > > Replacing the template as described in "Patching" section provides much more > certainty.
Yes, exactly, both are true. This is why for more trusted templates it is recommended to replace them. And why this method is the primary one. But for less trusted (like those you may assume being compromised anyway) it's ok to ust "alternative" method. For example I have one template which I use only for stuff distributed as not signed tarballs only. I'm fairly sure there were far easier methods to compromise this template in the past. And I use it only for some testing VMs. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJYWW8gAAoJENuP0xzK19csR10H/jAKT5S3yS5b5hMZZ7DbFWYK 3OncMxl+Tcca336Xn96ekP2othIWgpLfqaRgrSr9wtAIlZST9/97Wf/4jI8OcIFy 2KHR4CfUb/hAhG8nfEGdBrSc103l8/YVDuOMQYY7ndUxX8SKCB45278VBiCAXtNH xp7rVxwfIM8+g+HOIdqTdBXudjtGFcHP5RSVBwzmUU2KCXAuTtYLyWkmZLRLGg5A zi9QaWbvvwD/Kpxo0vuljW26JS3FoB+9/pxgawcFRWk+A263enV9K2/6tL5cJaQP SoxRzGhsYUQwJf8lqTrlUAEgVmB0rs6nrDBQPNQz85cCRWDg5D/tpxYcLH/sOkI= =jh0W -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to email@example.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161220174919.GT1239%40mail-itl. For more options, visit https://groups.google.com/d/optout.