On 01/26/2019 05:42 AM, Alexandre Belgrand wrote:
Le mercredi 23 janvier 2019 à 18:05 +0100, Marek Marczykowski-Górecki a
We have just published Qubes Security Bulletin (QSB) #46:
APT update mechanism vulnerability.
Keep in mind that all PGP Debian/Ubuntu signing keys have been stolen
and injection may occur during apt-get install/update using man-in-the-
middle attack, at least in some countries. Unless packages are compiled
with reproducible builds and fingerprints are available online, there
is no way to avoid such an attack.
Chris Laprise, tas...@posteo.net
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to email@example.com.
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.