[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

AW: dselect / apt-get and packages

> Actually, as the system is, it could.  There was an arcticle on
> this some time
> ago...
> Certain parts of the package are signed but there is no automated checking
> of those signatures AFAIK.

Well this would not be a big thing, would it? When I take a look at the ftp
server, there is a .dsc with pgp signatures for each package. So letting
dselect / aptitude or better dpkg-get doing a check for the key via gpg
would be no big deal, or am I wrong? As there are many mirrors worldwide,
that could be hacked or something, it would be a huge security improvement.



To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: