Re: [Reproducible-builds] concrete steps for improving apt downloading security and privacy

On 2014-09-24 23:05, Hans-Christoph Steiner wrote:
> * the signature files sign the package contents, not the hash of
>   whole .deb file (i.e. control.tar.gz and data.tar.gz).

So preinst and friends would not be signed? Sounds dangerous to me.
