[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apt-get package verification



On Thu, Feb 08, 2001 at 07:30:08PM +0000, Jim Breton wrote:
> On Thu, Feb 08, 2001 at 08:22:47PM +0100, Christian Hammers wrote:
> > > Currently it won't.  :-\  You would have to get the packages yourself
> > > and check the md5sums.
> > Which were of course altered by the cracker. Bad idea.
> 
> No.  I'm talking about the md5sums listed in the security advisories
> sent by the Debian project.  These messages are signed with their GPG
> keys; if these messages are invalid or have been compromised and the
> signatures still verify, then we have some far more serious problems.

for the debian-developer keys: 
apt-get install debian-keyring

-- 
BOFH excuse #93:

Feature not yet implimented

Attachment: pgpDkpSjmwsIy.pgp
Description: PGP signature


Reply to: