Re: RFC: Signed packages and translations

To: debian-devel@lists.debian.org
Subject: Re: RFC: Signed packages and translations
From: Bernd Eckenfels <lists@lina.inka.de>
Date: Tue, 4 Sep 2001 02:26:16 +0200
Message-id: <[🔎] 20010904022616.A2500@lina.inka.de>
In-reply-to: <[🔎] 20010903181337.A29165@digital>
References: <[🔎] 20010901104918.B6527@salem.getuid.de> <[🔎] Pine.LNX.4.31.0109011913350.15409-100000@phobos.fachschaften.tu-muenchen.de> <[🔎] 20010903181337.A29165@digital>

On Mon, Sep 03, 2001 at 06:13:37PM +0200, Niklas Hoglund wrote:
> Have I misunderstood that a signature is a kind of checksum. What purpose
> does adding a checksum to a checksum have? If the signature is invalid the
> .deb should not be trusted, but thrown away and redownloaded.

Because a cracker can tamper a checksum, but it can't tamper a Signature.
(Unless she has compromised ftp-master).

Greetings
Bernd

Reply to:

References:
- Re: RFC: Signed packages and translations
  - From: Christian Kurz <shorty@debian.org>
- Re: RFC: Signed packages and translations
  - From: Simon Richter <Simon.Richter@phobos.fachschaften.tu-muenchen.de>
- Re: RFC: Signed packages and translations
  - From: Niklas Hoglund <niklas.hoglund@telia.com>

Prev by Date: Gtranscript et. al. [Was: searching for Michel Onstein]
Next by Date: Re: step by step HOWTO switch debian installation into utf-8
Previous by thread: Re: RFC: Signed packages and translations
Next by thread: Re: RFC: Signed packages and translations
Index(es):
- Date
- Thread