On Sun, Feb 10, 2008 at 06:46:55PM +0100, Frank Lichtenheld wrote: > On Tue, Jan 29, 2008 at 04:06:12PM +1100, Anthony Towns wrote: > > On Sat, Jan 26, 2008 at 10:14:56PM +0100, Frank Lichtenheld wrote: > > > The whole thing honestly doesn't do much for security anyway until the gpg > > > support of dpkg-source is largely improved. For that I have no real concept > > > yet, though. > > Well, apt verifies them when it downloads the source before passing > > it to dpkg to unpack; and there's also verification when entering the > That would be news to me. And I can't seem to find that in the code, > either. $ apt-get source dpkg Reading package lists... Done Building dependency tree... Done Need to get 3385kB of source archives. Get:1 http://blah stable/main dpkg 1.13.25 (dsc) [853B] Get:2 http://blah stable/main dpkg 1.13.25 (tar) [3385kB] Fetched 3385kB in 10s (334kB/s) Failed to fetch http://blah/debian/pool/main/d/dpkg/dpkg_1.13.25.dsc MD5Sum mismatch E: Failed to fetch some archives. Cheers, aj
Attachment:
signature.asc
Description: Digital signature