On 01/26/2019 05:42 AM, Alexandre Belgrand wrote:
Le mercredi 23 janvier 2019 à 18:05 +0100, Marek Marczykowski-Górecki a
écrit :
We have just published Qubes Security Bulletin (QSB) #46:
APT update mechanism vulnerability.

Keep in mind that all PGP Debian/Ubuntu signing keys have been stolen
and injection may occur during apt-get install/update using man-in-the-
middle attack, at least in some countries. Unless packages are compiled
with reproducible builds and fingerprints are available online, there
is no way to avoid such an attack.


WAT?

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ef6f8a6b-2bcf-17d3-2798-402906016f4b%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Reply via email to