[Reproducible-builds] concrete steps for improving apt downloading security and privacy

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Sep 22 12:58:08 UTC 2014


On 09/21/2014 02:04 PM, Elmar Stellnberger wrote:
> a well programmed dpkg-cmp.
> ... and as long as the tool should not be available simply un-ar and
> compare
> the data.tar.gz-s.

fwiw, this suggestion fails to compare the contents of control.tar.gz,
which includes the maintainer scripts (preinst, postinst, etc).

If someone wanted to damage your system with a modified package,
modified preinst and postinst scripts would be much more effective (they
run as root, automatically upon package installation!) than just
tweaking a given binary.

i just wanted to point out that this theoretical dpkg-cmp is at least
slightly more complex than the above suggestion makes it out to be.

And of course there are many other tools that already use plain old cmp
or digest comparisons against .deb packages, and thinking about how to
interoperate with existing infrastructure is important.

	--dkg
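As an added example (not code from this thread, and not dpkg's own tooling), the comparison dkg describes in Python: parse the .deb's ar container and compare every member, so a changed postinst inside control.tar.gz is reported instead of only looking at data.tar.gz. The minimal .deb builder and the sample package contents are constructed for this demonstration.

```python
import gzip
import io
import tarfile

AR_MAGIC = b"!<arch>\n"

def parse_ar(blob):
    """Parse a .deb (a plain 'ar' archive) into {member_name: bytes}."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    members, pos = {}, len(AR_MAGIC)
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]            # fixed 60-byte member header
        if hdr[58:60] != b"`\n":
            raise ValueError("corrupt ar member header")
        name, size = hdr[:16].decode().rstrip().rstrip("/"), int(hdr[48:58])
        members[name] = blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size % 2)       # members are padded to even offsets
    return members

def deb_cmp(a, b):
    """Names of ar members that differ; includes control.tar.*, so maintainer-script edits show up."""
    ma, mb = parse_ar(a), parse_ar(b)
    return sorted(n for n in set(ma) | set(mb) if ma.get(n) != mb.get(n))

def make_tgz(files):
    """Build a deterministic .tar.gz from {path: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return gzip.compress(buf.getvalue(), mtime=0)   # mtime=0 keeps the bytes stable

def make_deb(control_files, data_files):
    """Assemble a minimal .deb: debian-binary, control.tar.gz, data.tar.gz (constructed)."""
    out = bytearray(AR_MAGIC)
    for name, data in (("debian-binary", b"2.0\n"), ("control.tar.gz", make_tgz(control_files)),
                       ("data.tar.gz", make_tgz(data_files))):
        out += f"{name:<16}{0:<12}{0:<6}{0:<6}{0o100644:<8o}{len(data):<10}`\n".encode()
        out += data + (b"\n" if len(data) % 2 else b"")
    return bytes(out)

# Constructed sample: identical data.tar.gz, only the postinst maintainer script differs.
CTRL = {"control": b"Package: foo\n", "postinst": b"#!/bin/sh\necho ok\n"}
DATA = {"usr/bin/foo": b"\x7fELF-stub"}
GOOD = make_deb(CTRL, DATA)
EVIL = make_deb({**CTRL, "postinst": b"#!/bin/sh\necho changed\n"}, DATA)
```

`deb_cmp(GOOD, EVIL)` returns `['control.tar.gz']`: a check that only un-ars and compares the data.tar.gz members would report these two packages as identical.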
