Am Sonntag, 28. Juni 2009 schrieb Steve Langasek: > On Sun, Jun 28, 2009 at 01:47:39AM +0200, Timo Weingärtner wrote: > > Package: wnpp > > Severity: wishlist > > X-Debbugs-CC: debian-devel@lists.debian.org > > > > Package name: openssh-known-hosts > > Version: 0.2 > > Upstream Author: Timo Weingärtner <timo@tiwe.de> > > URL: will go to mentors.debian.net as soon as I get the bug > > number License: GPL2+ > > Description: This package allows you to download public hostkeys from > > multiple sources and merge them together into one file > > for use by OpenSSH. Plugins for some types of sources are included, new > > plugins can easily be written. > > How does this avoid *totally negating* the security value of doing SSH host > key validation? Oh, this is missing in the package description. curl can use https and the curl and rsync plugins can do gpg verification. Greetings Timo
Attachment:
signature.asc
Description: This is a digitally signed message part.