[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [RFC] Enhance checksum support

On Sun, Feb 10, 2008 at 06:46:55PM +0100, Frank Lichtenheld wrote:
> On Tue, Jan 29, 2008 at 04:06:12PM +1100, Anthony Towns wrote:
> > On Sat, Jan 26, 2008 at 10:14:56PM +0100, Frank Lichtenheld wrote:
> > > The whole thing honestly doesn't do much for security anyway until the gpg
> > > support of dpkg-source is largely improved. For that I have no real concept 
> > > yet, though.
> > Well, apt verifies them when it downloads the source before passing
> > it to dpkg to unpack; and there's also verification when entering the
> That would be news to me. And I can't seem to find that in the code,
> either.

$ apt-get source dpkg
Reading package lists... Done
Building dependency tree... Done
Need to get 3385kB of source archives.
Get:1 http://blah stable/main dpkg 1.13.25 (dsc) [853B]
Get:2 http://blah stable/main dpkg 1.13.25 (tar) [3385kB]
Fetched 3385kB in 10s (334kB/s)
Failed to fetch http://blah/debian/pool/main/d/dpkg/dpkg_1.13.25.dsc  MD5Sum mismatch
E: Failed to fetch some archives.


Attachment: signature.asc
Description: Digital signature

Reply to: