On 08-Mar-2001 Bernd Eckenfels wrote:
> On Thu, Mar 08, 2001 at 02:22:36PM -0300, Carlos Laviola wrote:
>> Yes you are, this is one of Blackdown.org's official mirrors, as listed in
>> http://www.blackdown.org/java-linux/mirrors.html. The .deb's there are made
>> by them.
>
> It is still a security problem that you are unable to limit the packages apt
> will suck from a given source. It could even happen by accident that
> blackdown is putting some unstable libc on their server and BANG your system
> is hosed.
>
Well of course you need to trust your sources, but apt is pretty much
transparent, it _will_ show you that libc6 is being upgraded, and you'll be
able to shout "what the f!". Anyway, I don't think anyone is even thinking
about malicious debian repositories..
> Greetings
> Bernd
> --
> (OO) -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
> ( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
> o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
> (O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
--
Carlos Laviola - ICQ 55799523
pub 1024D/3516D372 2000-06-05 Carlos Laviola <claviola@ajato.com.br>
Key fingerprint = 3BE1 6591 C78C 2AA4 31DD AEEF 6406 0227 3516 D372