oss-sec mailing list archives

Re: CVE for Kali Linux


From: Florian Weimer <fw () deneb enyo de>
Date: Sun, 22 Mar 2015 12:04:57 +0100

* Kurt Seifried:

> So I guess we enter uncharted territory here.

No, this is pretty much the same as bug 998:

  <https://bugzilla.redhat.com/show_bug.cgi?id=998>

Here's one non-working attempt at solving this with the Microsoft
trust root:

  <https://fedoraproject.org/wiki/Features/PackageSignatureCheckingDuringOSInstall>

(It does not work because anyone can have binaries signed under the
Microsoft trust root.)

> Vendor has front page that recommends doing something completely
> insane and insecure (http/md5s/etc.).

Please tone down your language, it's not constructive at all.

