On Sb, 24 iul 10, 19:51:53, Boyd Stephen Smith Jr. wrote: > > Good question. I don't know how to verify the installation media. Assuming > it uses the standard apt and normal repositories, all the packages installed > during installation will be verified, and the archive/repository must be > signed by a GPG key in the installation media's apt keyring. Exactly. Nothing prevents the builder of the image to include a different keyring on the media ;) Regards, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
Attachment:
signature.asc
Description: Digital signature