mini-DebConf Germany

Apt Transparency



by Simon Josefsson

At: miniDebConf Berlin 2024

https://berlin2024.mini.debconf.org/talks/25-apt-transparency/
https://wiki.debian.org/DebianEvents/de/2024/MiniDebconfBerlin

How to improve security of apt repositories with transparency techniques. I will describe attack threat models we should protect against that the apt ecosystem currently does not have any defense against. This goes beyond the current PGP/GnuPG-based trust system. I propose we need a mechanism inspired by WebPKI's Certificate Transparency, and that we consider existing technologies such as HTTPS canary files, Sigstore's public transparency log, Sigsum's public transparency log, and Filippo Valsorda's spicy signatures. I will talk about interactions with reproducible builds to increase safety of package upgrades.

Room: c-base

Scheduled start: 2024-05-19 10:30:00
