Re: Apt-get is insecure
On Mon, 17 Dec 2001, Simon Hill wrote:
> so assuming that dpkg (and/or apt?) can
> deal with embedded gpg signatures in .deb
> files, how do we get maintainers to start
> using them?
We deploy the required infrastructure to make good use of signatures in the
archive, test it, send email explaining how to sign packages to
debian-devel-announce, and then get da-katie to refuse non-signed debs.
It is better to wait for Wichert's Python mass-signing script first.
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot