[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [RFH] The need for signed packages and signed Releases (long, long)

Andrew Suffield <asuffield@debian.org> writes:

> To be decently secure, you need the target system to refuse to accept
> packages that don't have an acceptable trust path.

Have you actually tried to determine whom and which machines you have
to trust implicitly when trusting a particular Debian package?  I
guess this gets really messy pretty soon.

Reply to: