[ale] Safe apt-get repositoris
Bob Toxen
bob at verysecurelinux.com
Fri Jun 18 16:33:17 EDT 2004
On Fri, Jun 18, 2004 at 03:53:31PM -0400, Dow Hurst wrote:
> I have finally had a chance to use apt-get on a RH9 workstation. However,
> my question is how can you know that the repository is a safe one with
> binaries that are trustable? Now, I am not asking how to secure a computer
> and I don't want to rehash how the only secure computer is one with no
> connections and so on ad infinitum.... ;-)
> I guess I am really asking where the best/safest repositories are for
> Redhat?
Also, RedHat RPMs contain a cryptographic signature that RPM verifies.
I'm not sure of all of the details regarding trusted keys.
> What are they for SuSE?
> Do people stray, when using Debian or Gentoo, to repositories outside of
> the normal distribution channels for packages not in the main Gentoo/Debian
> mirrors?
> Dow
> --
> __________________________________________________________
> Dow Hurst Office: 770-499-3428 *
> Systems Support Specialist Fax: 770-423-6744 *
> 1000 Chastain Rd. Bldg. 12 *
> Chemistry Department SC428 Email: dhurst at kennesaw.edu *
> Kennesaw State University Dow.Hurst at mindspring.com *
> Kennesaw, GA 30144 *
> ************************************************************
Bob Toxen
bob at verysecurelinux.com [Please use for email to me]
http://www.verysecurelinux.com [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
"Microsoft: Unsafe at any clock speed!"
-- Bob Toxen 10/03/2002
More information about the Ale
mailing list