On Mon, 2017-04-24 at 10:52 +0000, email@example.com wrote: [...] > In his repository I find the build definition for docker 32bit > debian, c.f. https://github.com/docker-32bit/debian/blob/i386/build-i > mage.sh. In there I see he sets up the mirror and pretty much every > "deb" reference with "http://"HTTP, not "https://". From what I have > found in Wikis of Debian and Ubuntu, HTTP still seems standard > practice in the debian ecosystem. But I wonder how and where the > downloaded binaries are verified against any checksums? [...] It's explained here: https://wiki.debian.org/SecureApt Ben. -- Ben Hutchings Larkinson's Law: All laws are basically false.
Description: This is a digitally signed message part