RE: security.debian.org mirrors?

To: debian-security@lists.debian.org
Subject: RE: security.debian.org mirrors?
From: Mathieu JANIN <Matt@tgcaen.dyndns.biz>
Date: Fri, 30 Sep 2005 09:37:44 +0200
Message-id: <[🔎] D0B6C1BAE46CD711B8E70048545A2AC90C92A3@pop.ga.lan>

-----Message d'origine-----
De : Andreas Barth [mailto:aba@not.so.argh.org]
Envoyé : jeudi 29 septembre 2005 22:29
Objet : Re: security.debian.org mirrors?
>* Arnaud Fontaine (arnaud@andesi.org) [050929 22:26]:
>> Is it possible to have a warranty that the package in the mirror archive
>> hasn't be modified  by someone else ? Maybe my question  is stupid but i
>> wasn't able to find an answer on replicator website ;).
>The Release-file is digitally signed, and contains checksums of the
>Packages files. The Packages files contain checksums of the packages.
>Cheers,
>Andi
So, for optimal security, the package from the mirror should be validated
with the original sums from security.debian.org, should they ?
++,
MATT

Reply to:

Prev by Date: Re: New mysql packages fix arbitrary code execution
Next by Date: !!!! UNSUSCRIBE !!!!
Previous by thread: Re: security.debian.org mirrors?
Next by thread: SELinux
Index(es):
- Date
- Thread