[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debsigs

On Wed, Mar 27, 2002 at 02:26:02PM +1100, Brian May wrote:
> On Tue, Mar 26, 2002 at 09:21:01PM -0500, Ben Collins wrote:
> > By the time your example gets to checking sigs, the depends have already
> > been figured and things have been downloaded by apt, and are trying to
> > be installed. It's too late at that point to reject a package you don't
> > want, given that it successfully meets the signature criteria. Apt-get
> > already has mechanism to control what packages from which sources you
> > want to take into account.
> I assume the Release file will be signed?
> (ie. the file that is used for checking in /etc/apt/preferences?)
> If so, this may be another alternative.
> If not, then any criteria you set in /etc/apt/preferences can
> be faked by changing the details in the downloaded Release file.

The Release files are already signed (Release.gpg, IIRC).

/       Ben Collins    --    Debian GNU/Linux       \
`               bcollins@debian.org                 '

To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: