[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dselect / apt-get and packages

On Mon, 08 Jul 2002 at 09:31:49PM +0300, Marcel Weber wrote:
> Hi
> I just have a silly question: During a discussion in a newsgroup about the
> Mac OS X Software Update vulnerabity
> (http://www.cunap.com/~hardingr/projects/osx/exploit.html) someone said,
> that this could happen with debian, too. I argued, that this is not possible
> as debian uses pgp / gpg signatures to check the integrity of the packages.

Actually, as the system is, it could.  There was an arcticle on this some time

Certain parts of the package are signed but there is no automated checking
of those signatures AFAIK.


wget -O - http://www.zionlth.org/~plhofmei/ | gpg --import

Attachment: pgpXTaOWGwODB.pgp
Description: PGP signature

Reply to: