dselect / apt-get and packages

To: "Debian-Security@Lists. Debian. Org" <debian-security@lists.debian.org>
Subject: dselect / apt-get and packages
From: "Marcel Weber" <mmweber@ncpro.com>
Date: Mon, 8 Jul 2002 21:31:49 +0300
Message-id: <[🔎] ABEKLOAPHGEAANDBAIFFGEJBCHAA.mmweber@ncpro.com>

Hi

I just have a silly question: During a discussion in a newsgroup about the
Mac OS X Software Update vulnerabity
(http://www.cunap.com/~hardingr/projects/osx/exploit.html) someone said,
that this could happen with debian, too. I argued, that this is not possible
as debian uses pgp / gpg signatures to check the integrity of the packages.

My question now is the following:

I'm working with dselect to do an update. Then I install all the new
packages. Are the package's signatures checked automatically AND would the
system complain if a signature wouldn't be valid or missing?

Marcel


--------------------

PGP / GPG Key:    http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: dselect / apt-get and packages
  - From: Phillip Hofmeister <plhofmei@zionlth.org>
- Re: dselect / apt-get and packages
  - From: Hubert Chan <hubert@uhoreg.ca>

Prev by Date: Re: More SSH Fun (X11 forwarding)
Next by Date: Re: dselect / apt-get and packages
Previous by thread: Re: Passwordless OpenSSH login with interactively running script
Next by thread: Re: dselect / apt-get and packages
Index(es):
- Date
- Thread