On Tue, Feb 23, 2016 at 12:02:50PM +0100, Thomas Schmitt wrote: > Hi, > > Nicolas George wrote: > > Of course, that does not mean MD5 and SHA-1 should be used nowadays. New > > theoretical attacks are found, keeping using hashes with known weaknesses is > > stupid. > > The ISO checksums are provided more for transport verification than > for the fight against intentional mainpulation. > Signing the hash lists by PGP still seems a bit weak as protection. > > But well, if Debian armors its ISOs, then it would have to scrutinize > the source of its packages, too. >
The reproducible builds work now going on will make this much easier. Anybody should be able to reproduce _exactly_ what was generated, anywhere and with a very high confidence in every stage. This may not be immediately evident for the current release - though more and more of it is becoming reproducible - but will be very evident for Stretch - Debian 9 - when released as stable. > Most important seems a permanent supervision of the web site content > from not publicly known client machines. Hash sums may be manipulated. > But the whole content of an ISO is either original or not. Easy to spot. > > Not quite so obvious if the attacker(s) have had significant time to build and modify individual packages and get the changes pushed in - but see above. > Have a nice day :) > > Thomas Likewise :) AndyC
