At 01:07 PM 1/7/2002 +0900, Massimiliano Mirra wrote:
>On Mon, Jan 07, 2002 at 12:03:05PM +0900, Dan Sugalski wrote:
> > No, that's not true. I'm entirely sure it's not sufficient. I can think of
> > many, many ways to crock this. You're counting on the remote keyserver
> > being trustworthy (they aren't), DNS being trustworthy (it isn't), that the
> > signing entity is trustworthy (they aren't), and that the source you're
> > fetching is safe to use sight unseen (it isn't).
>
>Sorry, I must be missing something or just be mad, because I installed
>my Debian from scratch from the net.  If they can guarantee the
>integrity of a distribution, moreover downloaded over http with no
>notion of keys or such, I guess it should be possible to guarantee the
>integrity of a code library, should it not?

They can't, though. I doubt they do.

> > Yeah, these are all potential issues when installing any chunk of code from
> > the net, but at least with a manual install you have a chance to check
> > things out even if you choose not to. With automagic loading, you take all
> > the potential checks out of the process.
>
>``apt-get program-name'' does not give very much to check. ;-)

It's not safe, either. And how do you know it hasn't been compromised? No, 
you're not likely to be a target, the same way I don't have to worry much 
about locking the doors of my 12 year old beat-up car. That doesn't make it 
a safe thing to do in general.

This is a feature that can leave a system potentially wide-open. You 
*can't* be too paranoid in considering the potential risks.

					Dan

--------------------------------------"it's like this"-------------------
Dan Sugalski                          even samurai
dan / sidhe.org                         have teddy bears and even
                                      teddy bears get drunk