On Tue, 30 Aug 2016 23:04:40 +0200, Ralf Mardorf wrote: >On Tue, 30 Aug 2016 15:31:07 -0500, Yoshi wrote: >>There is allegedly a recently published security hole in the >>"Ubuntu/Debian update mechanism" involving authentication and >>signatures. > >What is the source of this vague "information"? > >>You are welcome to forward this message as is to anyone else in the >>Ubuntu Development community, but I won't be speculating on nor >>elaborating about the issue. I'm not a programmer, so I wouldn't know >>how to talk about it anyhow. > >You already started talking about it.
PS: On Wed, 31 Aug 2016 08:11:12 +0200, Set Hallstrom wrote: >Got to be reffering to this: >https://www.schneier.com/blog/archives/2016/08/powerful_bit-fl.html See https://lists.ubuntu.com/archives/ubuntu-users/2016-August/287193.html On Wed, 31 Aug 2016 03:11:29 -0400, [email protected] wrote: >For me this adds still more packages to what I have to build from >source, starting with the kernel. If the signing per se would be the real issue, then it wouldn't matter if you check the source by it's key https://www.kernel.org/signature.html or a binary package by it's key. Regards, Ralf -- ubuntu-studio-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-studio-devel
