unthinkable paranoia
Internet is now proved to be unsecured even if DNS are patched and i reached and unthinkable level of paranoia. Given that launchpad ppa (which are awesome for QA) doesn’t use signed packages, so i can’t actually check the integrity of them i’ve changed all my sources.list from url’s to ip’s so i can’t (at least i hope) be vulnerable to cache poisoning \o/
P.S: Please launchpad team, make ppa use signed packages!
nxvl @ August 9, 2008
Or, even better still…
Please launchpad team, make it so that PPA packages can’t unwittingly be uploaded to the main archive!
Sometimes I wonder if they even care about security…
+1
This idea has some good info on why PPAs aren’t signed. There are even more technical reasons why it doesn’t work, but I can’t remember where I read about them.
http://brainstorm.ubuntu.com/idea/11810/
???°?? ???? ?????µ – ?‚?µ???° ???°???????‹?‚?° ?‡?µ?‚????, ?????°?????±?? ?·?° ???????‚!