Re: Possibility of packaging JDK 1.3?
On 09-Mar-2001 Alexander Hvostov wrote:
> Bernd,
>
> You're supposed to _trust_ the distributions you put in your
> sources.list. If you don't, don't put them in there. Adding security
> features of this sort to apt is probably not even remotely trivial...
AFAIK, Conectiva's own version of apt (w/rpm support) also features "repository
signing", which apparently ensures that the repository you're using is indeed
secure for use.
> On Thu, 8 Mar 2001, Bernd Eckenfels wrote:
>
>> On Thu, Mar 08, 2001 at 02:22:36PM -0300, Carlos Laviola wrote:
>> > Yes you are, this is one of Blackdown.org's official mirrors, as listed in
>> > http://www.blackdown.org/java-linux/mirrors.html. The .deb's there are
>> > made by
>> > them.
>>
>> It is still a security problem that you are unable to limit the pachages apt
>> will suck from a given source. It could even happen by accident that
>> blackdown is putting some unstable libc on their server and BANG your system
>> is hossed.
>>
>> Greetings
>> Bernd
>> --
>> (OO) -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
>> ( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
>> o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
>> (O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
>>
--
Carlos Laviola - ICQ 55799523
pub 1024D/3516D372 2000-06-05 Carlos Laviola <claviola@ajato.com.br>
Key fingerprint = 3BE1 6591 C78C 2AA4 31DD AEEF 6406 0227 3516 D372
Reply to: