Re: Debian Security Mirror

To: <debian-security@lists.debian.org>
Subject: Re: Debian Security Mirror
From: "David U." <davidu@everydns.net>
Date: Wed, 18 Sep 2002 14:53:09 -0500
Message-id: <[🔎] 000b01c25f4d$03efc180$2532fc80@pravda>
References: <[🔎] 000b01c25f4b$0f504560$2532fc80@pravda> <[🔎] 20020918194823.GN15786@linuxmafia.com>

Rick Moen wrote:

> If I started mirroring the security team's packages, would you trust
> my mirror?

Your point is well made, but what makes you trust a package from the regular
mirrors any more?

And here's one method with potential:
You check the signatures from security.debian.org and get the binaries from
a mirror.  The signature can even include "approved" mirrors although the
proof is in the binary so it doesn't really matter *where* it comes from.
If the hashes+signature match up then you're golden.

>I have an honest face.  ;->

[Well since I pray to DJB before bed, I'd of course disagree. :-) ]

-davidu

Reply to:

Follow-Ups:
- Re: Debian Security Mirror
  - From: Rick Moen <rick@linuxmafia.com>

References:
- Debian Security Mirror
  - From: "David U." <davidu@everydns.net>
- Re: Debian Security Mirror
  - From: Rick Moen <rick@linuxmafia.com>

Prev by Date: Re: Debian Security Mirror
Next by Date: Re: Debian Security Mirror
Previous by thread: Re: Debian Security Mirror
Next by thread: Re: Debian Security Mirror
Index(es):
- Date
- Thread