[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: https for apt to prevent man in middle transparent proxy mirror attacks?

On Thu, 10 Jun 2004 00:38:38 +1000, Hamish Moffatt <hamish@debian.org>
>Hence you verify the GPG signature for the top-level release file and
>follow the md5sums from there. Simple.

As far as I remember, we don't have a program that does this
validation automatically. Additionally, this doesn't work too well for
unstable and testing since the signatures for unstable and testing are
created automatically. But https wouldn't be any better though.


-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mailadresse im Header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29

Reply to: