Re: Apt-get is insecure

To: debian-security@lists.debian.org
Subject: Re: Apt-get is insecure
From: jereme <jereme@restorative-management.com>
Date: Thu, 13 Dec 2001 12:22:16 -0500
Message-id: <[🔎] 20011213172216.GA5804@restorative-management.com>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20011213152447.GV14968@wiggy.net>
References: <[🔎] 20011213172418.A25716@karjala.org> <[🔎] 20011213152447.GV14968@wiggy.net>

Hi,

[snips:]

Wichert Akkerman wrote:
> Previously Alexander Karelas wrote:
> > RedHat uses a PGP signature scheme. What are we doing about it?
>
> apt-get install debsign

I am running woody and cannot find this package, nor is it listed as
part of unstable, (checked www.debian.org/distrib/packages).

I do see it as a script within the devscripts package, I installed
this on my machine and read the man page for debsign.  My question is,
does apt-get check this signature, (I do not think so).

Can/is the checking of these signatures, (and fetching the appropriate
developer keys) integrated into apt-get?  What am I missing?

Thanks in advance,

jereme

+--------------------------------------------------------------+
Jereme Corrado <jereme@restorative-management.com>
Network Administrator
Restorative Management Corp.

Reply to:

References:
- Apt-get is insecure
  - From: Alexander Karelas <karjala_lists@yahoo.co.uk>
- Re: Apt-get is insecure
  - From: Wichert Akkerman <wichert@wiggy.net>

Prev by Date: Re: ssh and root
Next by Date: Re: Apt-get is insecure
Previous by thread: Re: Apt-get is insecure
Next by thread: Re: Apt-get is insecure
Index(es):
- Date
- Thread