On Sun, 2008-06-08 at 14:58 -0400, Jim Popovitch wrote: > On Sun, Jun 8, 2008 at 12:30 PM, Bernd Eckenfels <ecki@lina.inka.de> wrote: > > In article <[🔎] 7ff145960806072341q1f30e8fcmc680a2f134f9eb1@mail.gmail.com> you wrote: > >> It's mirror's like that, that make me paranoid about Debian Security. > > > > Why is that? IIS is the second most used web server on the market. And since > > mirrors are not a trusted part of software distribution anyway, I dont see > > an issue here. > > Here's my issue, please correct me if I am wrong. .debs and sigs both > exist on the same server. If the Windows box/network is compromised, > then the sigs and debs can be modified and who would know? Any system regardless of what operating system it is running can be compromised, and the sigs and debs can be "compromised". Remember someone has admin rights, and/or physical access on those machines. If that mirror makes you feel uneasy, use another mirror. It is, after all the mirrors prerogative to use whatever operating system they wish. Regards, Yagisan -- GPG/PGP signed mail preferred. PGP Key ID 0x4B6E7209 Fingerprint E1FD 9D7E 6BB4 1BD4 AEB9 3091 0027 CEFA 4B6E 7209
Attachment:
signature.asc
Description: This is a digitally signed message part