RE: security.debian.org mirrors?
De : Andreas Barth [mailto:email@example.com]
Envoyé : jeudi 29 septembre 2005 22:29
Objet : Re: security.debian.org mirrors?
>* Arnaud Fontaine (firstname.lastname@example.org) [050929 22:26]:
>> Is it possible to have a warranty that the package in the mirror archive
>> hasn't be modified by someone else ? Maybe my question is stupid but i
>> wasn't able to find an answer on replicator website ;).
>The Release-file is digitally signed, and contains checksums of the
>Packages files. The Packages files contain checksums of the packages.
So, for optimal security, the package from the mirror should be validated
with the original sums from security.debian.org, should they ?