On Wed, Jun 09, 2004 at 07:15:21AM -0700, Karl Hegbloom wrote: > > maybe i simply don't understand, but isn't Packages file signing done > > exactly to avoid such an attack? > > Can you please explain how that works? Sure, how about this: http://www.debian.org/doc/manuals/securing-debian-howto/ch7.en.html#s-deb-pack-sign Feel free to provide comments improving it if you don't understand it. Regards Javier
Attachment:
signature.asc
Description: Digital signature