Re: How to verify package integrity after they have been downloaded?
In article <firstname.lastname@example.org> you wrote:
> If you are talking about automating the verification process, that
> wouldn't quite work. The system that downloads the packages might have
> been compromised. The files that I would sign on that system might
> have been already modified at the time when I sign them.
Yes you are right, does not work in your scenario.
But you can use the unsecure system as a proxy and use apt-get/secure on the trusted machine.