Re: How to improve archive verification possibilities for the future
Zenaan Harkness <firstname.lastname@example.org> writes:
> On Sun, 2003-11-30 at 11:47, Goswin von Brederlow wrote:
> > I know that anyone subscribe to the *-changes lists can verify the
> > signatures on the changes files agains the debs or Packages files but
> > is anyone doing so?
> Distributed trust => distributed auditing. If there is an automated way
> for joe-user to run daily checks, I for one would "aptitude install"
You would need a local debian mirror or at least a partial one.
If you archive the changes list you could verify the debs when apt-get
downloads. For yoe average users thats way too much work and the
Release.gpg is enough.