> > At my ISP I have been allowed to install a debian mirror. The server that > it is on may have been compromised by hackers. I would like to check to make > sure that the mirror itself has not been modified, but do not want to do them > one at a time. Could someone give me a hint on how to proceed? > > Mike I am keeping an up-to-date database of dpkgcert package certificates (for the i386 packages, at least) which is updated nightly from my mirror site at home. See http://dpkgcert.jimpick.com/ for details. (Nobody has used the certificates yet, other than me) Unfortunately, dpkgcert doesn't seem to have a utility for comparing .deb files against a certificate. If this was added, then you would be able to verify your mirror against my mirror. Hopefully, both sites weren't compromised at the same time. Cheers, - Jim
Attachment:
pgp9wpT3KN8Pm.pgp
Description: PGP signature