Re: Possibility of packaging JDK 1.3?
On Fri, 9 Mar 2001, Carlos Laviola wrote:
>
> On 09-Mar-2001 Alexander Hvostov wrote:
> > Bernd,
> >
> > You're supposed to _trust_ the distributions you put in your
> > sources.list. If you don't, don't put them in there. Adding security
> > features of this sort to apt is probably not even remotely trivial...
>
> AFAIK, Conectiva's own version of apt (w/rpm support) also features "repository
> signing", which apparently ensures that the repository you're using is indeed
> secure for use.
Even then, you trust your repository. Only this time, you trust your
repository because you trust whoever signed it, but this is really
applying a technological solution to a sociological problem, which doesn't
usually work very well.
Regards,
Alex.
Reply to: