Debian/Ubuntu security apt phun
Georgi Guninski
guninski at guninski.com
Wed Dec 14 11:13:38 PST 2016
On Wed, Dec 14, 2016 at 09:50:14AM -0800, Razer wrote:
> > And how do you update apt if it is broken? ;)
>
>
> Download the .deb package and install. Assuming ofc apt IS installable
> from a .deb file...IDK.
>
By "broken" I meant vulnerable, not non-working. As I already asked "how
do I verify the integrity of the apt .deb"? Haven't checked the details,
but the wording in the Debilian's advisory suggest they don't have
self-contained pseudo-crypto signatures, they just sign the metadata
shit, at least by default.
As an aside, "download this .deb and install" reminds me of the windoze
screensaver attachments I get by email...
More information about the cypherpunks
mailing list