also sprach Rudolf Lohner <Rudolf.Lohner@rz.uni-karlsruhe.de> [2005.08.27.1651 +0200]: > This scenario could be avoided if s.d.o would authenticate itself. > Is authentication of the server something which has been considered > with secure apt? I'v suggested this before but never had the time to implement it. Patches are welcome. :) Of course you'll have to add SSL support to security.debian.org as well, which may be the actual show stopper. FWIW, Florian sent me this interesting link: http://www.cs.berkeley.edu/~nweaver/0wn2.html -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP (sub)keys? Use subkeys.pgp.net as keyserver! "we all know linux is great... it does infinite loops in 5 seconds." -- linus torvalds
Attachment:
signature.asc
Description: Digital signature (GPG/PGP)