also sprach sean finney <seanius@seanius.net> [2002.11.28.0837 +0100]:
> however, i started to think about the fact that if someone were to
> break into metalab.unc.edu and place trojan updated versions of
> debian packages in woody/main, i'd very likely end up unknowingly
> upgrading to them. now i'm not making any assumptions about them having
> low security, or even debian's main site having higher security, but
> on the principle of the matter, is there any way to limit the packages
> that can be retrieved from a specific source?

signed packages or release files are being worked on. hold your toes.

in the mean time you should bitch heavily at any operator of an
archive who has a higher version number of some software in his
archives than one can find in Debian.

-- 
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system

NOTE: The public PGP keyservers are broken!
Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc