Re: Apt-get is insecure
On Thu, 2001-12-13 at 10:44, Wichert Akkerman wrote:
> Previously Blake Barnett wrote:
> > Conectiva currently has support for signed _repositories_, as well as
> > signed RPM packages. Check out their /etc/apt/sources.list for more
> > info on it.
> That's exactly what I just described.. the Conectiva apt also seems
> to be based on an ancient version, they are at 0.3.19cnc53 while
> apt is up to 0.5.4 now.
Ah.. the way you described it I thought apt would be checking signatures
on packages individually. Indeed that version looks quite strange...
> /firstname.lastname@example.org This space intentionally left occupied \
> | email@example.com http://www.liacs.nl/~wichert/ |
> | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
> To UNSUBSCRIBE, email to firstname.lastname@example.org
> with a subject of "unsubscribe". Trouble? Contact email@example.com
Blake Barnett (bdb) <firstname.lastname@example.org>
Sr. Unix Administrator
DevelopOnline.com office: 480-377-6816
"Do, or do not. There is no try." --Yoda