[prev in list] [next in list] [prev in thread] [next in thread] 

List:       debian-security
Subject:    Recent Securityfocus Colum and the Debian HOWTO
From:       Javier Fernandez-Sanguino Pena <jfernandez () germinus ! com>
Date:       2001-12-20 13:59:26
[Download RAW message or body]

Jon, regarding your recent column at your insightful column at 
Securityfocus (http://www.securityfocus.com/columnists/48) regarding 
package manipulation and troyan insertion. Well, I have been discussing 
this issue in Debian for a while and just yesterday (IIRC, but could be 
checked at cvs.debian.org) sent a new version of the "Securing Debian 
HOWTO" (available at 
http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html) 
which does talk about the package signing stuff and Debian's point of 
view regarding it. As you say in your column, you currently *can* check 
signatures in Debian, but, it's not enabled by default since the 
proposed scheme has not yet been decided upon (check the HOWTO for more 
information).

BTW, I did write this info *before* reading your column (just in case 
you were wondering), as a matter of fact I had the notes for about a 
week but had to get some time to write it down :)

In any case, I wanted to comment this info just in case you want to 
update your column to add additional info.

Regards

Javier Fernández-Sanguino Peña


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

[prev in list] [next in list] [prev in thread] [next in thread]