[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apt-get is insecure

On Thu, Dec 13, 2001 at 05:20:14PM +0100, Wichert Akkerman wrote:
>   package
> * dpkg will call debsig-verify to verify the signature and validate the
>   package
> The last step is currently skipped since /etc/dpkg/dpkg.cfg includes
> the no-debsig option by default, otherwise debsig-verify would happily
> reject all current packages.
Well, if it's not used (skipped) should we even bother installing debsig-verify and debsigs?


Reply to: