Re: Automatic Debian security updates, an Implementation

To: debian-security@lists.debian.org
Subject: Re: Automatic Debian security updates, an Implementation
From: Jan Niehusmann <jan@debian.org>
Date: Fri, 18 Oct 2002 16:54:31 +0200
Message-id: <[🔎] 20021018145431.GA15280@gondor.com>
In-reply-to: <[🔎] 200210181048.16434.rtilley@vt.edu>
References: <[🔎] 20021018105825.GA3174@ghanima.endorphin.org> <[🔎] 20021018132014.GA31649@digitasaru.net> <[🔎] 20021018135553.GA14701@gondor.com> <[🔎] 200210181048.16434.rtilley@vt.edu>

On Fri, Oct 18, 2002 at 10:48:16AM -0400, R. Bradley Tilley wrote:
> Why can't apt-get be modified to check the md5sum of a package against an 
> official debian md5sum list before downloading and installing debs? This 
> seems much simpler and easier than signing debs.

It does. The problem is, how to get an official debian md5sum
list? This is, basically, what apt-check-sigs does. It checks the 
validity of the Packages files (which contains md5sums of individual
packages) with a gpg signature.

Jan

Reply to:

References:
- Automatic Debian security updates, an Implementation
  - From: Fruhwirth Clemens <clemens@endorphin.org>
- Re: Automatic Debian security updates, an Implementation
  - From: Joseph Pingenot <trelane@digitasaru.net>
- Re: Automatic Debian security updates, an Implementation
  - From: Jan Niehusmann <jan@debian.org>
- Re: Automatic Debian security updates, an Implementation
  - From: "R. Bradley Tilley" <rtilley@vt.edu>

Prev by Date: Re: Automatic Debian security updates, an Implementation
Next by Date: Re: ssh "banner"
Previous by thread: Re: Automatic Debian security updates, an Implementation
Next by thread: Re: Automatic Debian security updates, an Implementation
Index(es):
- Date
- Thread