AW: dselect / apt-get and packages
> Actually, as the system is, it could. There was an arcticle on
> this some time
> Certain parts of the package are signed but there is no automated checking
> of those signatures AFAIK.
Well this would not be a big thing, would it? When I take a look at the ftp
server, there is a .dsc with pgp signatures for each package. So letting
dselect / aptitude or better dpkg-get doing a check for the key via gpg
would be no big deal, or am I wrong? As there are many mirrors worldwide,
that could be hacked or something, it would be a huge security improvement.
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org