On Mon, Dec 01, 2003 at 03:56:59PM +0000, Scott James Remnant wrote: > Assuming that level of compromise, there's no recent to suspect that > they couldn't have free reign adding anything to the archive they > wanted. Signed .debs gain you nothing here.
If every .deb must be signed by a developer, and we assume that no developer leaves secret keys on public machines, then signed .debs does save the day. Even if the attacker could place a new keyring file in the archive, people verifying signatures on signed .debs would not install it, since it would not have the signature of a developer. All other attacked debs would also fail to install, since they would not have the signature of a developer.
