[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Revival of the signed debs discussion

Andreas Metzler wrote:
> I still don't understand how you change the version number (or the
> package-name) without breaking the signature.

Which signature? The Packages file is being modified, so of course the
hain of trust back to the Release file signature can be used to catch
tampering with it. However, the signature in a deb itself cannot help
against this kind of attack.

see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to: