[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apt-get is insecure



Wichert Akkerman wrote:
> Previously Alexander Karelas wrote:
> > RedHat uses a PGP signature scheme. What are we doing about it?
> apt-get install debsign

I am running woody and cannot find this package, nor is it listed as
part of unstable, (checked www.debian.org/distrib/packages).

I do see it as a script within the devscripts package, I installed
this on my machine and read the man page for debsign.  My question is,
does apt-get check this signature, (I do not think so).

Can/is the checking of these signatures, (and fetching the appropriate
developer keys) integrated into apt-get?  What am I missing?

Thanks in advance,


Jereme Corrado <jereme@restorative-management.com>
Network Administrator
Restorative Management Corp.

Reply to: