## page was renamed from CDRomAuthentication
##(see the SpecSpec for an explanation)

= CDRomAuthentication =

== Status ==

 * Created: <> by JaneW
 * Priority: LowPriority
 * People: MichaelVogtLead, ColinWatsonSecond
 * Contributors: JaneW
 * Interested: MichaelVogt
 * Status: EditedSpecification, BreezyGoal, DistroSpecification, ColinWatsonQueue
 * Packages:
 * Depends:
 * Dependents: <>
 * UduSessions: 1, 4, 8, etc

== Introduction ==

This specification discusses an update to apt authentication for CD-ROMs to enhance security on install and make it impossible to create "poisoned" fake Ubuntu CDs that hurt users.

== Rationale ==

Currently, customizing an install CD requires recreating the signature for the Packages file and re-signing it. This further involves modifying the `ubuntu-keyring` package, which is awkward for people doing simple customizations. We should make this process less painful, probably by adjusting apt's rules for CD-ROM authentication.

== Scope and Use Cases ==

Because customization should be easy, the current authentication scheme should be re-examined. In many cases, it is safe to assume that we trust the CD-ROM, because the CD-ROM is the top of the trust chain. If a system is installed by booting from the CD-ROM, we trust the CD (because we use it to install) long before the signature of the CD-ROM is checked by the installer.

The only case where security is weakened is when a system is upgraded using a CD-ROM. Signed md5sums of the Ubuntu CD images are provided at http://releases.ubuntu.com/hoary/MD5SUMS and MD5SUMS.gpg, so the user can still verify that his system is OK.

A possible attack scenario would be that the user gets a CD (by hand from someone evil, or by downloading from an evil site) with rogue packages on it that looks like an Ubuntu CD. If the user does not check the md5sums himself, rogue packages could be installed on his system without warnings (update-notifier will make this easy by prompting for an upgrade when a new CD is inserted).
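
The manual check that the upgrade case relies on can be scripted as below. This is an added example, not part of the original specification or of apt; the function name `verify_cd_image`, the `GPG` override variable and the dedicated keyring file are assumptions of the example.

```shell
#!/bin/sh
# Added example (not part of the spec): check a CD image against the signed
# MD5SUMS list before trusting it as an upgrade source.
# GPG can be overridden (assumption of this example, useful for testing).
GPG="${GPG:-gpg}"

# verify_cd_image IMAGE MD5SUMS MD5SUMS.gpg KEYRING
# KEYRING must hold ONLY the signing key you trust: gpg --verify accepts a
# good signature from any key it can find.
# Status: 0 = verified, 1 = checksum mismatch, 2 = bad signature, 3 = not listed.
# The body runs in a subshell, so variables stay local and "exit" only
# leaves the function.
verify_cd_image() (
    image=$1 sums=$2 sig=$3 keyring=$4

    # 1. The checksum list is untrusted until its detached signature verifies.
    "$GPG" --no-default-keyring --keyring "$keyring" --verify "$sig" "$sums" \
        >/dev/null 2>&1 || { echo "signature check failed: $sums" >&2; exit 2; }

    # 2. Find the entry for exactly this file name ("hash  name" or "hash *name").
    name=$(basename "$image")
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f)
                                   if (f == n) { print $1; exit } }' "$sums")
    [ -n "$expected" ] || { echo "no entry for $name in $sums" >&2; exit 3; }

    # 3. Hash the image itself and compare it with the signed value.
    actual=$(md5sum < "$image" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || { echo "checksum mismatch: $name" >&2; exit 1; }
    echo "OK: $name matches the signed MD5SUMS entry"
)
```

The order matters: a matching checksum proves nothing if the list it came from was never authenticated. The same function works with a SHA256SUMS list if `md5sum` is swapped for `sha256sum`.
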

== Implementation Plan ==

Apt needs to be modified so that it takes the location of the package into account and trusts CD-ROM packages automatically.

=== Packages Affected ===

The `apt` package needs to be modified, in particular the `libapt` library. After that, all higher level package management tools will automatically work.

== Outstanding Issues ==

No work in this area has been done yet.

=== UDU BOF Agenda ===

=== UDU Pre-Work ===

----
CategoryUdu CategorySpec