
question about the security of entries in sources.list



hey all,

so i've decided to give installing java a try, and put the
following line in my sources.list:

deb ftp://metalab.unc.edu/pub/linux/devel/lang/java/blackdown.org/debian/ woody main non-free

i apt-got installed j2re1.3 and now java works without a hitch, and
i didn't even have to re-open my web browser. sweet.

however, i started to think about the fact that if someone were to
break into metalab.unc.edu and place trojan updated versions of
debian packages in woody/main, i'd very likely end up unknowingly
upgrading to them.  now i'm not making any assumptions about them having
low security, or even debian's main site having higher security, but
on the principle of the matter, is there any way to limit the packages
that can be retrieved from a specific source?


thanks
	sean

Attachment: pgp5iezCQKmRR.pgp
Description: PGP signature