[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apt-get is insecure

On Mon, 17 Dec 2001, Simon Hill wrote:
> so assuming that dpkg (and/or apt?) can 
> deal with embedded gpg signiatures in .deb 
> files, how do we get maintainers to start 
> using them?

We deploy the required infrastructure to make good use of signatures in the
archive, test it, send email explaining how to sign packages to
debian-devel-announce, and then get da-katie to refuse non-signed debs.

It is better to wait for Wichert's python mass-signing script first.

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to: