Re: Apt-get is insecure

To: debian-security@lists.debian.org
Subject: Re: Apt-get is insecure
From: Torrin <jonestor1976@hotmail.com>
Date: Fri, 14 Dec 2001 17:31:52 -0800
Message-id: <[🔎] 20011215013152.GA7217@taj.san.rr.com>
Reply-to: jonestor1976@hotmail.com
In-reply-to: <[🔎] 20011213162014.GA14968@wiggy.net>
References: <[🔎] 20011213172418.A25716@karjala.org> <[🔎] 20011213152447.GV14968@wiggy.net> <[🔎] E16EYS9-0002IA-00@mkiglo6> <[🔎] 20011213162014.GA14968@wiggy.net>

On Thu, Dec 13, 2001 at 05:20:14PM +0100, Wichert Akkerman wrote:
[SNIP]
>   package
> * dpkg will call debsig-verify to verify the signature and validate the
>   package
> 
> The last step is currently skipped since /etc/dpkg/dpkg.cfg includes
> the no-debsig option by default, otherwise debsig-verify would happily
> reject all current packages.
> 
Well, if it's not used (skipped) should we even bother installing debsig-verify and debsigs?

TAJ

Reply to:

Follow-Ups:
- Re: Apt-get is insecure
  - From: Wichert Akkerman <wichert@wiggy.net>

References:
- Apt-get is insecure
  - From: Alexander Karelas <karjala_lists@yahoo.co.uk>
- Re: Apt-get is insecure
  - From: Wichert Akkerman <wichert@wiggy.net>
- Re: Apt-get is insecure
  - From: Emiel Metselaar <e.d.metselaar@phys.rug.nl>
- Re: Apt-get is insecure
  - From: Wichert Akkerman <wichert@wiggy.net>

Prev by Date: Re: Exim mail
Next by Date: Re: Apt-get is insecure
Previous by thread: Re: Apt-get is insecure
Next by thread: Re: Apt-get is insecure
Index(es):
- Date
- Thread