Re: Apt-get package verification
On Thu, Feb 08, 2001 at 12:29:42PM -0600, schwack wrote:
> Anybody know if apt will do any sort of verification of checksums or
> anything to validate the package is from debian?
Currently it won't. :-\ You would have to get the packages yourself
and check the md5sums.
> and i'm curious that is somebody poisons some routes and/or dns caches, we could
> have serious trouble.
Yup. :-\ However, using a good dns cache implementation (such as
djbdns) will reduce/eliminate the risk of anyone altering your dns
cache. Then you're really only susceptible to modified routes, and
poisoned upstream name servers (root, .org, etc.).