* Matt Zimmerman ([EMAIL PROTECTED]) [031204 22:25]:
> On Thu, Dec 04, 2003 at 03:58:38PM -0500, Daniel Jacobowitz wrote:
> > On Thu, Dec 04, 2003 at 02:41:43PM -0500, Matt Zimmerman wrote:
> > > What kind of real world attacks do signed debs prevent?
> > >
> > > The only one which comes to mind is a rogue Debian developer that you do
> > > not wish to trust, even though the project trusts him.
> > Someone pretending to be someone Manoj trusts, offering him a corrupted
> > .deb offline?
> s/offline/without the corresponding signed metadata/
>
> The advantage would certainly appear to be one of convenience (keeping
> everything in one file), rather than security (preventing attacks).

If it is more convenient, then security actions are far more often made.

Cheers,
Andi
--
   http://home.arcor.de/andreas-barth/
   PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C