Re: Automatic Debian security updates, an Implementation
On Fri, Oct 18, 2002 at 10:48:16AM -0400, R. Bradley Tilley wrote:
> Why can't apt-get be modified to check the md5sum of a package against an
> official debian md5sum list before downloading and installing debs? This
> seems much simpler and easier than signing debs.
It does. The problem is, how to get an official debian md5sum
list? This is, basically, what apt-check-sigs does. It checks the
validity of the Packages files (which contains md5sums of individual
packages) with a gpg signature.
Jan
Reply to: