[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apt-get is insecure

On Thu, 2001-12-13 at 10:44, Wichert Akkerman wrote:
> Previously Blake Barnett wrote:
> > Conectiva currently has support for signed _repositories_, as well as
> > signed RPM packages.  Check out their /etc/apt/sources.list for more
> > info on it.  
> 
> That's exactly what I just described.. the Conectiva apt also seems
> to be based on an ancient version, they are at 0.3.19cnc53 while
> apt is up to 0.5.4 now.

Ah.. the way you described it I thought apt would be checking signatures
on packages individually.  Indeed that version looks quite strange...

> 
> Wichert.
> 
> -- 
>   _________________________________________________________________
>  /wichert@wiggy.net         This space intentionally left occupied \
> | wichert@deephackmode.org            http://www.liacs.nl/~wichert/ |
> | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
-- 
Blake Barnett (bdb)  <blake.barnett@developonline.com>
Sr. Unix Administrator
DevelopOnline.com                 office: 480-377-6816

"Do, or do not.  There is no try." --Yoda
Reply to: