[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debsigs

On Tue, Mar 26, 2002 at 09:21:01PM -0500, Ben Collins wrote:
> By the time your example gets to checking sigs, the depends have already
> been figured and things have been downloaded by apt, and are trying to
> be installed. It's too late at that point to reject a package you don't
> want, given that it successfully meets the signature criteria. Apt-get
> already has mechanism to control what packages from which sources you
> want to take into account.

I assume the Release file will be signed?

(ie. the file that is used for checking in /etc/apt/preferences?)

If so, this may be another alternative.

If not, then any criteria you set in /etc/apt/preferences can
be faked by changing the details in the downloaded Release file.
Brian May <bam@debian.org>

To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: