[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to verify package integrity after they have been downloaded?

In article <[🔎] c7b40f9d0804051611r6e7f965aw24ed1038237901ba@mail.gmail.com> you wrote:
> If you are talking about automating the verification process, that
> wouldn't quite work. The system that downloads the packages might have
> been compromised. The files that I would sign on that system might
> have been already modified at the time when I sign them.

Yes you are right, does not work in your scenario.

But you can use the unsecure system as a proxy and use apt-get/secure on the trusted machine.


Reply to: