Re: security.debian.org mirrors?

To: Arnaud Fontaine <arnaud@andesi.org>
Cc: debian-security@lists.debian.org
Subject: Re: security.debian.org mirrors?
From: Noah Meyerhans <noahm@debian.org>
Date: Thu, 29 Sep 2005 16:14:59 -0400
Message-id: <[🔎] 20050929201459.GG23741@morgul.net>
Mail-followup-to: Noah Meyerhans <noahm@debian.org>, Arnaud Fontaine <arnaud@andesi.org>, debian-security@lists.debian.org
In-reply-to: <[🔎] 87hdc3zm9h.fsf@velma.mini-dweeb.org>
References: <[🔎] 47FE4D9F956C2164EFE483E2@d216-220-25-36.dynip.modwest.com> <[🔎] 20050929093236.GA7597@fox.noc.fr.clara.net> <[🔎] 433BD380.6030103@neovatar.org> <[🔎] 87hdc3zm9h.fsf@velma.mini-dweeb.org>

On Thu, Sep 29, 2005 at 09:50:34PM +0200, Arnaud Fontaine wrote:
> Is it possible to have a warranty that the package in the mirror archive
> hasn't be modified  by someone else ? Maybe my question  is stupid but i
> wasn't able to find an answer on replicator website ;).

Is this really more important in the security archive than in the main
archive?  I do not believe it is, since any package, whether in the
security archive or not, is going to execute code as root on your
machine.

But anyway, the MD5 checksums and file sizes for the updated package
files are included in the DSA.  Thus, you have plenty of information to
verify the package integrity if you need to.

noah

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- security.debian.org mirrors?
  - From: Michael Loftis <mloftis@modwest.com>
- Re: security.debian.org mirrors?
  - From: Fox <fox@fr.clara.net>
- Re: security.debian.org mirrors?
  - From: Thomas Seliger <debsecsub@neovatar.org>
- Re: security.debian.org mirrors?
  - From: Arnaud Fontaine <arnaud@andesi.org>

Prev by Date: Re: security.debian.org mirrors?
Next by Date: Re: security.debian.org mirrors?
Previous by thread: Re: security.debian.org mirrors?
Next by thread: Re: security.debian.org mirrors?
Index(es):
- Date
- Thread