Hey Bart

On Sun, 2014-06-22 at 21:55 +0000, Bart Martens wrote:
> The rest is quite vague to me

What do you mean by: the rest?
Apart from the downgrading/blocking attacks the two most notable issues I've described were:
- people are not notified about [security] updates the usual ways (apt, aptitude, notifiers for that), which I think is at the least quite unfortunate and at the most a security issue
- given that software is signed by your key (rather than the Debian archive key),... it's in principle much easier for an attacker to only attack selective users (and thus be noticed much harder)... if - of course - your key would be compromised.

Anything else that I forgot now?

> or applicable to the entire
> Debian repository

The above two points do IMHO not apply to the "normal" Debian archive.

> or already covered in the package.

How?

Cheers,
Chris.