Re: Bug#592115: apt seems to somehow use ~/.gnupg dir when checking package integrity which might be used for security attacks
On Sat, 2010-08-07 at 21:27 +0200, Julian Andres Klode wrote:
> As everyone should know, dpkg unpacks the source packages and verifies
> them using gpg. APT knows that the package is secure, because the source
> is secure.
Ah I've missed that this is from the debsig, and not from checking the
integrity via the Release file etc.
Is apt-get even checking the integrity via the later, when using apt-get
source?
Nevertheless,... I still don't understand, why I get that error....
especially, as I e.g. don't get it for the package gnupg (in contrast to
base-files).... and I don't get it at all in sid.
Cheers,
Chris.
Reply to: