
Re: Debian Security Mirror

Rick Moen wrote:

> If I started mirroring the security team's packages, would you trust
> my mirror?

Your point is well made, but what makes you trust a package from the regular
mirrors any more?

And here's one method with potential:
You check the signatures from security.debian.org and get the binaries from
a mirror.  The signature can even include "approved" mirrors although the
proof is in the binary so it doesn't really matter *where* it comes from.
If the hashes+signature match up then you're golden.

> I have an honest face.  ;->

[Well since I pray to DJB before bed, I'd of course disagree. :-) ]

