AW: dselect / apt-get and packages

To: "Phillip Hofmeister" <plhofmei@zionlth.org>
Cc: "Debian-Security@Lists. Debian. Org" <debian-security@lists.debian.org>
Subject: AW: dselect / apt-get and packages
From: "Marcel Weber" <mmweber@ncpro.com>
Date: Tue, 9 Jul 2002 00:15:32 +0300
Message-id: <[🔎] ABEKLOAPHGEAANDBAIFFAEJCCHAA.mmweber@ncpro.com>
In-reply-to: <[🔎] 20020708200909.GA18350@zionlth.org>

>
> Actually, as the system is, it could.  There was an arcticle on
> this some time
> ago...
>
> Certain parts of the package are signed but there is no automated checking
> of those signatures AFAIK.
>


Well this would not be a big thing, would it? When I take a look at the ftp
server, there is a .dsc with pgp signatures for each package. So letting
dselect / aptitude or better dpkg-get doing a check for the key via gpg
would be no big deal, or am I wrong? As there are many mirrors worldwide,
that could be hacked or something, it would be a huge security improvement.

Regards

Marcel


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: AW: dselect / apt-get and packages
  - From: Matthew Johnson <mjj29@cam.ac.uk>
- Re: dselect / apt-get and packages
  - From: Rick Moen <rick@linuxmafia.com>

References:
- Re: dselect / apt-get and packages
  - From: Phillip Hofmeister <plhofmei@zionlth.org>

Prev by Date: Re: dselect / apt-get and packages
Next by Date: Re: AW: dselect / apt-get and packages
Previous by thread: Re: dselect / apt-get and packages
Next by thread: Re: AW: dselect / apt-get and packages
Index(es):
- Date
- Thread