Re: ssh method in sources.list
Am Fre, 2002-09-20 um 09.58 schrieb Adrian von Bidder:
> To my knowledge, although Release files are signed, packages are not,
> and not even the Release file signatures are usually checked.
>
> :-/
>
> So, theoretically, the need for trusted downloads exists today. Or the
> need for the security infrastructure to be completed.
what about https-mirrors? i think this is the easiest way (without
changing code or force the user to tunnel manually) to support some kind
of security.
cu
Reply to: