[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] Secure updating/installing of packages
On Jul 20, neodaxus@xxxxxxx <neodaxus@xxxxxxx> wrote:
theoretically it is possible that modified packages for Linux distributions
are made available in order to create backdoors (e.g. through a hacked server
or mirror, wrong IP routing / DNS resolving, or simply someone making
available manipulated packages at a site under his control).
I wonder how SuSE and other distros protect themselves against this threat.
Who knows about SuSE (YOU + Yast)?
All SuSE packages are cryptographically signed with the SuSE build key
(build@xxxxxxx). It is automatically installed from the CDs.
In addition to that, fou4s (http://fou4s.gaugusch.at/) allows you to
install packages that are signed with fully trusted keys, apart from the
Markus Gaugusch \ / ASCII Ribbon Campaign
markus(at)gaugusch.at X Against HTML Mail
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here