Re: Debian Security Mirror
Rick Moen wrote:
> If I started mirroring the security team's packages, would you trust
> my mirror?
Your point is well made, but what makes you trust a package from the regular
mirrors any more?
And here's one method with potential:
You check the signatures from security.debian.org and get the binaries from
a mirror. The signature can even include "approved" mirrors although the
proof is in the binary so it doesn't really matter *where* it comes from.
If the hashes+signature match up then you're golden.
>I have an honest face. ;->
[Well since I pray to DJB before bed, I'd of course disagree. :-) ]