20 Feb 2015, 4:11 p.m.
On Fri, Feb 20, 2015 at 4:09 PM, Daniel Micay <danielmicay@gmail.com> wrote:
On 20/02/15 10:04 AM, Martti Kühne wrote:
You should really just tell upstream to sign their releases, because it wipes out the attack vector instead of just making it possible to audit whether a MITM attack on the original packager occurred like hashes.
The hashes provide no security for the initial packaging work and no defense against an attack that's done by compromising the upstream sources, which is far more realistic than a targeted MITM attack on a specific Arch Linux packager.
Since security-by-reading-the-code isn't an option since a few decades, we're stuck in this, yup.

cheers!
mar77i