On 08-Mar-2001 Bernd Eckenfels wrote: > On Thu, Mar 08, 2001 at 02:22:36PM -0300, Carlos Laviola wrote: >> Yes you are, this is one of Blackdown.org's official mirrors, as listed in >> http://www.blackdown.org/java-linux/mirrors.html. The .deb's there are made >> by >> them. > > It is still a security problem that you are unable to limit the pachages apt > will suck from a given source. It could even happen by accident that > blackdown is putting some unstable libc on their server and BANG your system > is hossed. > Well of course you need to trust your sources, but apt is pretty much transparent, it _will_ show you that libc6 is being upgraded, and you'll be able to shout "what the f!". Anyway, I don't think anyone is even thinking about malicious debian repositories.. > Greetings > Bernd > -- > (OO) -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de -- > ( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/ > o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE > (O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl! > > > -- > To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org -- Carlos Laviola - ICQ 55799523 pub 1024D/3516D372 2000-06-05 Carlos Laviola <claviola@ajato.com.br> Key fingerprint = 3BE1 6591 C78C 2AA4 31DD AEEF 6406 0227 3516 D372
Attachment:
pgpvgXsDJd8Bn.pgp
Description: PGP signature