Re: Debian audititing tool?

To: debian-security@lists.debian.org
Subject: Re: Debian audititing tool?
From: Colin Phipps <cph@netcraft.com>
Date: Fri, 22 Dec 2000 15:10:38 +0000
Message-id: <[🔎] 20001222151038.A13587@ns0.netcraft.com>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20001221201214.X23134@seteuid.getuid.de>; from shorty@debian.org on Thu, Dec 21, 2000 at 08:12:14PM +0100
References: <[🔎] 20001221211506.A14827@ignuthuam> <[🔎] 20001221133919.G27036@bofh.de> <[🔎] 20001222001138.A22565@ignuthuam> <[🔎] 20001221143332.I27036@bofh.de> <[🔎] 20001222011732.A24422@ignuthuam> <[🔎] 20001221153025.M27036@bofh.de> <[🔎] 20001221150024.A12485@ns0.netcraft.com> <[🔎] 20001221160907.O27036@bofh.de> <[🔎] 20001221152210.B12485@ns0.netcraft.com> <[🔎] 20001221201214.X23134@seteuid.getuid.de>

On Thu, Dec 21, 2000 at 08:12:14PM +0100, Christian Kurz wrote:
> On 00-12-21 Colin Phipps wrote:
> > On Thu, Dec 21, 2000 at 04:09:07PM +0100, Christian Kurz wrote:
> > > And who will create this key? Who will have the passphrase? Who will
> > > sign the packages?
> 
> > Someone on master.debian.org, presumably the ftp admins.
> 
> And so you trust this admins? Just asking because some people here have
> a lot of paranoia.

Signing packages on the master mirror guards against compromised or
spoofed mirrors. Not trusting the master mirror or its admins is a
separate, and much harder problem.

-- 
Colin Phipps                            http://www.netcraft.com/

Reply to:

References:
- Debian audititing tool?
  - From: Peter Eckersley <pde@cs.mu.oz.au>
- Re: Debian audititing tool?
  - From: Christian Kurz <shorty@debian.org>
- Re: Debian audititing tool?
  - From: Peter Eckersley <pde@cs.mu.oz.au>
- Re: Debian audititing tool?
  - From: Christian Kurz <shorty@debian.org>
- Re: Debian audititing tool?
  - From: Peter Eckersley <pde@cs.mu.oz.au>
- Re: Debian audititing tool?
  - From: Christian Kurz <shorty@debian.org>
- Re: Debian audititing tool?
  - From: Colin Phipps <cph@netcraft.com>
- Re: Debian audititing tool?
  - From: Christian Kurz <shorty@debian.org>
- Re: Debian audititing tool?
  - From: Colin Phipps <cph@netcraft.com>
- Re: Debian audititing tool?
  - From: Christian Kurz <shorty@debian.org>

Prev by Date: Re: Debian audititing tool?
Next by Date: Re: Debian audititing tool?
Previous by thread: Re: Debian audititing tool?
Next by thread: Re: Debian audititing tool?
Index(es):
- Date
- Thread