Re: Apt-get is insecure
Hi,
[snips:]
Wichert Akkerman wrote:
> Previously Alexander Karelas wrote:
> > RedHat uses a PGP signature scheme. What are we doing about it?
>
> apt-get install debsign
I am running woody and cannot find this package, nor is it listed as
part of unstable, (checked www.debian.org/distrib/packages).
I do see it as a script within the devscripts package, I installed
this on my machine and read the man page for debsign. My question is,
does apt-get check this signature, (I do not think so).
Can/is the checking of these signatures, (and fetching the appropriate
developer keys) integrated into apt-get? What am I missing?
Thanks in advance,
jereme
+--------------------------------------------------------------+
Jereme Corrado <jereme@restorative-management.com>
Network Administrator
Restorative Management Corp.
Reply to: