[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to improve archive verification possibilities for the future

Zenaan Harkness <zen@iptaustralia.net> writes:

> On Sun, 2003-11-30 at 11:47, Goswin von Brederlow wrote:
> > I know that anyone subscribe to the *-changes lists can verify the
> > signatures on the changes files agains the debs or Packages files but
> > is anyone doing so?
> Distributed trust => distributed auditing. If there is an automated way
> for joe-user to run daily checks, I for one would "aptitude install"
> it...
> rgds
> zen

You would need a local debian mirror or at least a partial one.

If you archive the changes list you could verify the debs when apt-get
downloads. For yoe average users thats way too much work and the
Release.gpg is enough.


Reply to: