On Mon, 08 Jul 2002 at 09:31:49PM +0300, Marcel Weber wrote: > Hi > > I just have a silly question: During a discussion in a newsgroup about the > Mac OS X Software Update vulnerabity > (http://www.cunap.com/~hardingr/projects/osx/exploit.html) someone said, > that this could happen with debian, too. I argued, that this is not possible > as debian uses pgp / gpg signatures to check the integrity of the packages. Actually, as the system is, it could. There was an arcticle on this some time ago... Certain parts of the package are signed but there is no automated checking of those signatures AFAIK. -- Phil PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/ | gpg --import
Attachment:
pgpgndckhcyWP.pgp
Description: PGP signature