[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#592115: apt seems to somehow use ~/.gnupg dir when checking package integrity which might be used for security attacks

On Sat, 2010-08-07 at 21:27 +0200, Julian Andres Klode wrote:
> As everyone should know, dpkg unpacks the source packages and verifies
> them using gpg. APT knows that the package is secure, because the source
> is secure.
Ah I've missed that this is from the debsig, and not from checking the
integrity via the Release file etc.

Is apt-get even checking the integrity via the later, when using apt-get

Nevertheless,... I still don't understand, why I get that error....
especially, as I e.g. don't get it for the package gnupg (in contrast to
base-files).... and I don't get it at all in sid.


Reply to: