Study: Attacks on package managers
Posted Jul 16, 2008 14:49 UTC (Wed) by epa (subscriber, #39769)
In reply to: Study: Attacks on package managers by job
Parent article: Study: Attacks on package managers
Checking the signature is a good thing and I'm not blaming that at all. I am kvetching about the corrupted mirror site existing in the first place. Removing the signature check, obviously, would not improve things. Better error reporting of 'the download failed and the file was truncated' before even attempting the signature check would be helpful, but not essential.
What would be good would be failover handling in the package manager so you didn't need to see that message at all.
Yes. Some kind of client library that automatically handles selecting an upstream server (or more than one, if the download is to be parallelized), checks for data consistency, and restarts or switches servers if the consistency check fails. Bittorrent is one example of a protocol that handles all this, with the added bonus that nodes can share data between each other (as when two machines on the same network both need to update), and that setting up a traditional mirror site using cron jobs and perl scripts is not necessary (just start up the Bittorrent program and tell it how much bandwidth and disk space to use). Some kind of intelligent http frontend would also do the job. Of course you still need to check package signatures after the download has completed successfully.
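The download-with-failover client the comment sketches, as an added example that is not part of the original thread: each mirror's response is checked for truncation and then for a digest mismatch against trusted index metadata, a failing mirror is skipped for the next one, and the signature check runs only on bytes that already passed the consistency check. The mirrors are constructed in-memory callables standing in for HTTP servers, the package bytes and digests are constructed, and the HMAC "signature" is an assumed stand-in for the GPG verification a real package manager would perform.

```python
"""Mirror failover with consistency and signature checks (added example;
all mirrors, payloads and keys are constructed, not real repository data)."""
import hashlib
import hmac
from typing import Callable, Dict, List, Optional

# Constructed package payload plus the metadata a client would fetch from a
# trusted, signed index: expected size and SHA-256 digest.
PACKAGE_BYTES = b"\x7fELF" + bytes(range(256)) * 4
EXPECTED_SIZE = len(PACKAGE_BYTES)
EXPECTED_SHA256 = hashlib.sha256(PACKAGE_BYTES).hexdigest()

# Stand-in signing key (assumption): a real repository signs with a GPG key,
# not a shared secret; HMAC is used here only so the example runs offline.
SIGNING_KEY = b"constructed-repository-key"
PACKAGE_SIGNATURE = hmac.new(SIGNING_KEY, PACKAGE_BYTES, hashlib.sha256).digest()

Fetcher = Callable[[str], Optional[bytes]]  # returns None when the mirror is down


class DownloadError(Exception):
    """Raised when no mirror delivered bytes that pass verification."""


def check_consistency(data: bytes, expected_size: int, expected_sha256: str) -> Optional[str]:
    """Return None if data matches the index metadata, else a reason string.

    The size check runs first so a truncated transfer is reported as such
    rather than as an opaque hash (or later signature) mismatch."""
    if len(data) != expected_size:
        return f"truncated: got {len(data)} of {expected_size} bytes"
    if hashlib.sha256(data).hexdigest() != expected_sha256:
        return "corrupt: sha256 mismatch"
    return None


def fetch_with_failover(path: str, mirrors: Dict[str, Fetcher], expected_size: int,
                        expected_sha256: str, log: List[str]) -> bytes:
    """Try mirrors in order; return the first payload passing the consistency check."""
    for name, fetch in mirrors.items():
        data = fetch(path)
        if data is None:
            log.append(f"{name}: unreachable")
            continue
        problem = check_consistency(data, expected_size, expected_sha256)
        if problem:
            log.append(f"{name}: {problem}, switching mirror")
            continue
        log.append(f"{name}: ok")
        return data
    raise DownloadError(f"all {len(mirrors)} mirrors failed for {path}")


def verify_signature(data: bytes, signature: bytes, key: bytes = SIGNING_KEY) -> bool:
    """Signature check on already-consistent bytes (HMAC stand-in for GPG)."""
    expected = hmac.new(key, data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


def install(path: str, mirrors: Dict[str, Fetcher], expected_size: int, expected_sha256: str,
            signature: bytes, log: Optional[List[str]] = None) -> bytes:
    """Download with failover, then verify the signature; return the package bytes."""
    log = log if log is not None else []
    data = fetch_with_failover(path, mirrors, expected_size, expected_sha256, log)
    if not verify_signature(data, signature):
        log.append("signature check failed")
        raise DownloadError(f"signature mismatch for {path}")
    log.append("signature ok")
    return data


def make_mirrors() -> Dict[str, Fetcher]:
    """Constructed mirror set: one down, one truncating, one corrupting, one good."""
    return {
        "mirror-a": lambda path: None,
        "mirror-b": lambda path: PACKAGE_BYTES[:100],
        "mirror-c": lambda path: PACKAGE_BYTES[:-1] + b"\x00",
        "mirror-d": lambda path: PACKAGE_BYTES,
    }


if __name__ == "__main__":
    events: List[str] = []
    install("pool/example.deb", make_mirrors(), EXPECTED_SIZE, EXPECTED_SHA256,
            PACKAGE_SIGNATURE, events)
    print("\n".join(events))
```

The ordering matters for the error reporting the comment asks for: a truncated transfer is logged as truncation and the client moves on, so the user never sees a bare signature failure for what was really a broken mirror.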