Re: RFC: Signed packages and translations

On Mon, Sep 03, 2001 at 06:13:37PM +0200, Niklas Hoglund wrote:
> Have I misunderstood that a signature is a kind of checksum? What purpose
> does adding a checksum to a checksum have? If the signature is invalid the
> .deb should not be trusted, but thrown away and redownloaded.

Because a cracker can tamper with a checksum, but she can't tamper with a signature.
(Unless she has compromised ftp-master).
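
The distinction drawn in the reply above, as an added example that is not part of the original message: a checksum can be recomputed by anyone who changes the file, while a signature needs the private key. The toy textbook-RSA key, the sample package bytes and all function names are constructed for illustration and stand in for the real archive key and tooling.

```python
import hashlib

# Constructed toy key: textbook RSA over two Mersenne primes, unpadded and far
# too small for real use. It stands in for the archive signing key.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public: shipped to every client
D = pow(E, -1, (P - 1) * (Q - 1))        # private: held only by the signer

def checksum(data: bytes) -> str:
    """Anyone holding the bytes can compute this; no secret is involved."""
    return hashlib.sha256(data).hexdigest()

def _digest(data: bytes) -> int:
    """SHA-256 of the data, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(data: bytes, private_exp: int) -> int:
    return pow(_digest(data), private_exp, N)

def verify(data: bytes, signature: int) -> bool:
    return pow(signature, E, N) == _digest(data)

def client_accepts(deb: bytes, listed_sum: str, signature: int) -> dict:
    """What each check concludes about a downloaded package."""
    return {"checksum": checksum(deb) == listed_sum,
            "signature": verify(deb, signature)}

# Constructed sample data, not a real package.
original = b"hello_1.0_all.deb: constructed package contents"
published_sum = checksum(original)
published_sig = sign(original, D)

# A modified copy on a mirror: the checksum file is replaced along with the
# package, but the signature cannot be regenerated without D.
tampered = original + b" (modified)"
mirror_sum = checksum(tampered)

if __name__ == "__main__":
    print(client_accepts(original, published_sum, published_sig))
    print(client_accepts(tampered, mirror_sum, published_sig))
    # The caveat in the reply: with the signing key, both checks pass.
    print(client_accepts(tampered, mirror_sum, sign(tampered, D)))
```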


