On Sun, 2003-11-30 at 18:54, Goswin von Brederlow wrote: > Zenaan Harkness <firstname.lastname@example.org> writes: > > > On Sun, 2003-11-30 at 11:47, Goswin von Brederlow wrote: > > > I know that anyone subscribe to the *-changes lists can verify the > > > signatures on the changes files agains the debs or Packages files but > > > is anyone doing so? > > > > Distributed trust => distributed auditing. If there is an automated way > > for joe-user to run daily checks, I for one would "aptitude install" > > it... > > > > rgds > > zen > > You would need a local debian mirror or at least a partial one. > > If you archive the changes list you could verify the debs when apt-get > downloads. For yoe average users thats way too much work and the > Release.gpg is enough. As it so happens, I use apt-move, and do have a sid/unstable archive. There are probably a few developers with something similar. (My mirror is these days just a mirror of my own packages - I used to have a full, binary + source mirror, but ran out of disk space. cheers zen -- NEW! The Debian Enterprise Project: http://debian-enterprise.org/ Homepage: http://homepages.ihug.com.au/~zenaan/ PGP Key: http://homepages.ihug.com.au/~zenaan/zen.asc Please respect this email's confidentiality as sensibly warranted.
Description: This is a digitally signed message part