Comment 30 for bug 125103

Bryan Donlan (bdonlan) wrote : Re: [Bug 125103] Re: ppa archives are not signed

On Sun, May 04, 2008 at 05:44:18PM -0000, alsuren wrote:

> > What about Martin Pool's idea of accessing ppa through https? Would it give
> > protection from this type of attack?
> I think so, but I don't know enough about the structure of apt. I suspect that
> it might be possible to use a ppa to get an archive that's signed with a
> trusted key, and then simply spoof DNS for any other archive that's not done
> over https. Does apt-get warn the user if a repository's key changes from one
> trusted key to another?

apt-get maintains a list of trusted keys - by default this is the Ubuntu
archive key (or in Debian, the Debian archive key) only, but you can add
more. apt-get does not care which key a particular archive uses,
provided it's on the trusted list.

However, using https + single apt key gives no protection over pure
https. It's not good to give only an illusion of safety... :)
And APT does not take https into consideration when determining whether
to trust the origin of a package.
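
A way to check which configured archives rely on the shared trusted-key list described in the comment above, as an added example that is not part of the original comment or of apt itself. It assumes the `signed-by` source option available in later apt releases (not mentioned in this thread), one-line `sources.list` syntax, and constructed sample entries.

```python
import re

# Constructed sample in one-line sources.list format (not from the bug report).
SAMPLE = """\
deb http://archive.ubuntu.com/ubuntu noble main
deb [signed-by=/usr/share/keyrings/example-ppa.gpg] https://ppa.example.invalid/ubuntu noble main
# deb http://disabled.example.invalid/ubuntu noble main
deb-src [arch=amd64] https://mirror.example.invalid/ubuntu noble universe
"""

# type, optional [options], URI, suite
ENTRY = re.compile(
    r"^(deb|deb-src)\s+(?:\[(?P<opts>[^\]]*)\]\s+)?(?P<uri>\S+)\s+(?P<suite>\S+)"
)


def parse_sources(text):
    """Yield one dict per active (non-comment) entry."""
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        m = ENTRY.match(line)
        if not m:
            continue
        opts = {}
        for tok in (m.group("opts") or "").split():
            key, _, val = tok.partition("=")
            opts[key.lower()] = val
        yield {"line": lineno, "type": m.group(1), "uri": m.group("uri"),
               "suite": m.group("suite"), "opts": opts}


def audit(text):
    """Return (pinned, unpinned) URI lists.

    pinned:   the archive's signature must come from the key named in signed-by.
    unpinned: any key on the global trusted list is accepted for this archive,
              whether the transport is http or https.
    """
    pinned, unpinned = [], []
    for entry in parse_sources(text):
        (pinned if entry["opts"].get("signed-by") else unpinned).append(entry["uri"])
    return pinned, unpinned


if __name__ == "__main__":
    pinned, unpinned = audit(SAMPLE)
    print("pinned to a specific key:", pinned)
    print("accept any trusted key:  ", unpinned)
```

The https mirror in the sample still lands in the unpinned list, because the transport does not restrict which trusted key may sign that archive.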