Re: debsigs
On Wed, Mar 27, 2002 at 02:26:02PM +1100, Brian May wrote:
> On Tue, Mar 26, 2002 at 09:21:01PM -0500, Ben Collins wrote:
> > By the time your example gets to checking sigs, the depends have already
> > been figured and things have been downloaded by apt, and are trying to
> > be installed. It's too late at that point to reject a package you don't
> > want, given that it successfully meets the signature criteria. Apt-get
> > already has mechanism to control what packages from which sources you
> > want to take into account.
>
> I assume the Release file will be signed?
>
> (ie. the file that is used for checking in /etc/apt/preferences?)
>
> If so, this may be another alternative.
>
> If not, then any criteria you set in /etc/apt/preferences can
> be faked by changing the details in the downloaded Release file.
The Release files are already signed (Release.gpg, IIRC).
--
.------==-=======--------=====------------=-=-----.
/ Ben Collins -- Debian GNU/Linux \
` bcollins@debian.org '
`---=========---====----------==-===-------=--=---'
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: