[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dselect / apt-get and packages



On Mon, 08 Jul 2002 at 09:31:49PM +0300, Marcel Weber wrote:
> Hi
> 
> I just have a silly question: During a discussion in a newsgroup about the
> Mac OS X Software Update vulnerabity
> (http://www.cunap.com/~hardingr/projects/osx/exploit.html) someone said,
> that this could happen with debian, too. I argued, that this is not possible
> as debian uses pgp / gpg signatures to check the integrity of the packages.

Actually, as the system is, it could.  There was an arcticle on this some time
ago...

Certain parts of the package are signed but there is no automated checking
of those signatures AFAIK.


-- 
Phil

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/ | gpg --import

Attachment: pgpXTaOWGwODB.pgp
Description: PGP signature


Reply to: