[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: https for apt to prevent man in middle transparent proxy mirror attacks?

On Wed, Jun 09, 2004 at 12:19:17PM -0700, Karl Hegbloom <hegbloom@pdx.edu> was heard to say:
> On Wed, 2004-06-09 at 16:35 +0200, Guus Sliepen wrote:
> > On Wed, Jun 09, 2004 at 06:44:42AM -0700, Karl Hegbloom wrote:
> > 
> > > I think that Debian should have it's own internal PKI, and server keys
> > [...]
> > 
> > It already has. I believe the version of apt in experimental can verify
> > the authenticity of the packages it downloaded for you.
> How do I know if it's actually doing that for me, and is it implemented
> in libapt, so that aptitude will also do this?

  It's in libapt, but aptitude doesn't have hooks to display the
information yet.  AFAIK the apt that does this is delayed till
post-sarge, and I'm working on stuff that I want to get into sarge.


/-------------------- Daniel Burrows <dburrows@debian.org> -------------------\
|   It is very dark.  If you proceed you are likely to be eaten by a grue.    |
\------------- Got APT? -- Debian GNU/Linux http://www.debian.org ------------/

Reply to: