How secure is apt-get update/upgrade?

Discussion topics, Linux related - not requests for help

Moderators: ChrisThornett, LXF moderators

How secure is apt-get update/upgrade?

Postby daudi » Mon Aug 22, 2011 6:13 am

I was travelling recently in a country that has strong government control over the internet. While there I got nervous about doing a routine upgrade of my ubuntu system. It got me wondering if it would it be possible to intercept/poison my upgrades and install malicious software, e.g. some form of spyware. In the end I decided not to do the upgrade (possibly leaving my machine at higher risk).

Any opinions on how secure apt-get update/upgrade is?
daudi
 
Posts: 59
Joined: Sat Dec 16, 2006 11:00 pm
Location: Maidstone, Kent, UK

Postby roseway » Mon Aug 22, 2011 6:42 am

In Debian (and presumably Ubuntu and its derivatives) packages are signed and you have to install a keyring package, otherwise you will get warning messages when installing packages. So I would say that it's pretty secure.
Eric
roseway
LXF regular
 
Posts: 448
Joined: Thu Jan 18, 2007 2:27 pm

Postby daudi » Mon Aug 22, 2011 12:34 pm

Ah yes, that makes sense. Thank you!
daudi
 
Posts: 59
Joined: Sat Dec 16, 2006 11:00 pm
Location: Maidstone, Kent, UK


Return to Discussion

Who is online

Users browsing this forum: Bing [Bot] and 0 guests