[Slugnet] Is it safe installing Ubuntu/Debian while connected to
the Internet.
desire at gmail.com
desire at gmail.com
Sun May 4 08:59:43 SGT 2008
my 2cents. Debian uses secure-apt since debian etch. Therefore, as long as
you start the install using a correct/trusted install cd, you should have
the correct debian signing keys installed, and therefore be relatively safe
from man-in-the-middle attacks while doing a network install (or a network
update, for that matter).
Assuming that the install process doesn't expose any services (something
which I have not verified) and that secure-apt works as designed, the
remaining risks of doing a network install would be minimal (eg. if apt's
http or ftp methods can be remotely exploited into doing something bad), or
of a social engineering (do you really want to accept this deb package
signed by an untrusted key?) or denial-of-service nature.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.lugs.org.sg/pipermail/slugnet/attachments/20080504/60fa9626/attachment.htm
More information about the Slugnet
mailing list