[prev in list] [next in list] [prev in thread] [next in thread]
List: debian-security
Subject: Recent Securityfocus Colum and the Debian HOWTO
From: Javier Fernandez-Sanguino Pena <jfernandez () germinus ! com>
Date: 2001-12-20 13:59:26
[Download RAW message or body]
Jon, regarding your recent column at your insightful column at
Securityfocus (http://www.securityfocus.com/columnists/48) regarding
package manipulation and troyan insertion. Well, I have been discussing
this issue in Debian for a while and just yesterday (IIRC, but could be
checked at cvs.debian.org) sent a new version of the "Securing Debian
HOWTO" (available at
http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html)
which does talk about the package signing stuff and Debian's point of
view regarding it. As you say in your column, you currently *can* check
signatures in Debian, but, it's not enabled by default since the
proposed scheme has not yet been decided upon (check the HOWTO for more
information).
BTW, I did write this info *before* reading your column (just in case
you were wondering), as a matter of fact I had the notes for about a
week but had to get some time to write it down :)
In any case, I wanted to comment this info just in case you want to
update your column to add additional info.
Regards
Javier Fernández-Sanguino Peña
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic