Re: Apt-get package verification

To: debian-security@lists.debian.org
Subject: Re: Apt-get package verification
From: marcoghidinelli <marcogh@atdot.org>
Date: Sat, 10 Feb 2001 18:11:01 +0100
Message-id: <20010210181101.C369@atdot.org>
Mail-followup-to: marcoghidinelli <marcogh@atdot.org>, debian-security@lists.debian.org
In-reply-to: <20010208193008.C12994@alongtheway.com>; from jamesb-debian@alongtheway.com on Thu, Feb 08, 2001 at 07:30:08PM +0000
References: <Pine.BSO.4.33.0102081226020.3292-100000@fluffy.cy.borg> <20010208191124.A12994@alongtheway.com> <20010208202247.A16407@westend.com> <20010208193008.C12994@alongtheway.com>

On Thu, Feb 08, 2001 at 07:30:08PM +0000, Jim Breton wrote:
> On Thu, Feb 08, 2001 at 08:22:47PM +0100, Christian Hammers wrote:
> > > Currently it won't.  :-\  You would have to get the packages yourself
> > > and check the md5sums.
> > Which were of course altered by the cracker. Bad idea.
> 
> No.  I'm talking about the md5sums listed in the security advisories
> sent by the Debian project.  These messages are signed with their GPG
> keys; if these messages are invalid or have been compromised and the
> signatures still verify, then we have some far more serious problems.

for the debian-developer keys: 
apt-get install debian-keyring

-- 
BOFH excuse #93:

Feature not yet implimented

Attachment: pgpevGTusbncn.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Apt-get package verification
  - From: Carel Fellinger <cfelling@iae.nl>

References:
- Apt-get package verification
  - From: schwack <schwack@fluffy.cy.borg>
- Re: Apt-get package verification
  - From: Jim Breton <jamesb-debian@alongtheway.com>
- Re: Apt-get package verification
  - From: Christian Hammers <ch@westend.com>
- Re: Apt-get package verification
  - From: Jim Breton <jamesb-debian@alongtheway.com>

Prev by Date: Re: Send a mail
Next by Date: Re: sources.list
Previous by thread: Re: Apt-get package verification
Next by thread: Re: Apt-get package verification
Index(es):
- Date
- Thread