[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: security.debian.org mirrors?

-----Message d'origine-----
De : Andreas Barth [mailto:aba@not.so.argh.org]
Envoyé : jeudi 29 septembre 2005 22:29
Objet : Re: security.debian.org mirrors?
>* Arnaud Fontaine (arnaud@andesi.org) [050929 22:26]:
>> Is it possible to have a warranty that the package in the mirror archive
>> hasn't be modified  by someone else ? Maybe my question  is stupid but i
>> wasn't able to find an answer on replicator website ;).
>The Release-file is digitally signed, and contains checksums of the
>Packages files. The Packages files contain checksums of the packages.
So, for optimal security, the package from the mirror should be validated
with the original sums from security.debian.org, should they ?

Reply to: