Comment 48 for bug 125103

Andrew Fuchs (fuchs.andy) wrote : Re: [Bug 125103] Re: ppa archives are not signed

On Sunday 31 August 2008 01:37:09 pm Chuck Renner wrote:

> The reason that this particular method is important to use is that end-
> users should not be forced to trust ALL PPA packages. Many of them are
> probably completely unsafe, and it is very easy for a user with
> malicious intent to create a PPA account. It makes no sense to me to
> create one key used to sign all PPA packages. This could easily be
> exploited by malicious scripts to download malicious PPA packages.

Your point is moot. If an attacker can run a malicious script on a
machine, the machine is already compromised. Coincidentally, for a
malicious package to be installed, a user (who has root access) must be
tricked into installing it, or the machine broken into. It would be just as
easy to trick a user into running a malicious script.

The only reason I can think of (and why I want it done) to sign PPAs
would be to prevent man in the middle attacks.