[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apt-get package verification

On Thu, Feb 08, 2001 at 12:29:42PM -0600, schwack wrote:
> Anybody know if apt will do any sort of verification of checksums or
> anything to validate the package is from debian?

Currently it won't.  :-\  You would have to get the packages yourself
and check the md5sums.

> and i'm curious that is somebody poisons some routes and/or dns caches, we could
> have serious trouble.

Yup.  :-\  However, using a good dns cache implementation (such as
djbdns) will reduce/eliminate the risk of anyone altering your dns
cache.  Then you're really only susceptible to modified routes, and
poisoned upstream name servers (root, .org, etc.).

Reply to: