[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Official Debian digital 'branding' of debs

Manoj Srivastava <srivasta@debian.org> writes:

> Hi,
> >>"Rene" == Rene Mayrhofer <rmayr@vianova.at> writes:
>         To compromise the security, one would have to not only have
>  compromised the master key, one would have had to compromise the
>  debian keyring package, which is also signed by the maintainer.

How would that make Deb files more secure (apart from the keyring
package itself?) or is the md5sum in the packages file secure enough?


PS: The md5sums should be on the unpacked contents of the deb file,
i.e. the control.tar and data.tar.

Reply to: