
Re: How to improve archive verification possibilities for the future

On Sun, 2003-11-30 at 18:54, Goswin von Brederlow wrote:
> Zenaan Harkness <zen@iptaustralia.net> writes:
> > On Sun, 2003-11-30 at 11:47, Goswin von Brederlow wrote:
> > > I know that anyone subscribed to the *-changes lists can verify the
> > > signatures on the changes files against the debs or Packages files but
> > > is anyone doing so?
> > 
> > Distributed trust => distributed auditing. If there is an automated way
> > for joe-user to run daily checks, I for one would "aptitude install"
> > it...
> > 
> > rgds
> > zen
> You would need a local debian mirror or at least a partial one.
> If you archive the changes list you could verify the debs when apt-get
> downloads. For your average users that's way too much work and the
> Release.gpg is enough.

As it so happens, I use apt-move, and do have a sid/unstable archive.
There are probably a few developers with something similar. (My mirror
is these days just a mirror of my own packages - I used to have a full,
binary + source mirror, but ran out of disk space.)


NEW! The Debian Enterprise Project: http://debian-enterprise.org/
Homepage: http://homepages.ihug.com.au/~zenaan/
PGP Key: http://homepages.ihug.com.au/~zenaan/zen.asc
Please respect this email's confidentiality as sensibly warranted.

Attachment: signature.asc
Description: This is a digitally signed message part
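
Added example, not part of the original message or of any Debian tool: a sketch of the daily check discussed in this thread, comparing the debs in a local mirror directory against the file list of an archived .changes file. It assumes the payload passed in has already had its OpenPGP signature verified (for instance with gpg) and is the signed body only; it goes beyond the MD5-only `Files` field by preferring `Checksums-Sha256` when present, and the function names are hypothetical.

```python
import hashlib
import os

# Multi-line .changes fields that list files, strongest digest first.
FIELDS = (("Checksums-Sha256", "sha256"), ("Files", "md5"))

def parse_field(payload, field):
    """Return {filename: (hexdigest, size)} from one multi-line field."""
    entries, inside = {}, False
    for line in payload.splitlines():
        if line.startswith(field + ":"):
            inside = True
        elif inside and line.startswith(" "):
            parts = line.split()
            # Digest and size come first and the file name last in both fields.
            if len(parts) >= 3:
                entries[parts[-1]] = (parts[0].lower(), int(parts[1]))
        else:
            inside = False
    return entries

def check_debs(payload, mirror_dir):
    """Compare each file listed in a verified .changes payload with mirror_dir."""
    for field, algo in FIELDS:
        entries = parse_field(payload, field)
        if entries:
            break
    else:
        raise ValueError("no file list in .changes payload")
    report = {}
    for name, (digest, size) in entries.items():
        # basename() keeps a hostile file name from escaping mirror_dir.
        path = os.path.join(mirror_dir, os.path.basename(name))
        if not os.path.isfile(path):
            report[name] = "missing"
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if len(data) != size:
            report[name] = "size mismatch"
        elif hashlib.new(algo, data).hexdigest() != digest:
            report[name] = "digest mismatch"
        else:
            report[name] = "ok"
    return report

if __name__ == "__main__":
    import sys  # usage: script.py verified-payload-file mirror-dir
    with open(sys.argv[1]) as fh:
        print(check_debs(fh.read(), sys.argv[2]))
```

Anything other than "ok" in the report is worth a look; "missing" is expected on a partial mirror.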
