On Fri, Mar 07, 2003 at 10:08:59AM -0500, Bob Paige wrote:
> I am curious about how secure the apt-get system is; is it possible to
> spoof a debian server and thus send compromised updates to a given machine?

Yes, since apt-get doesn't check signatures, yet. Search the debian-devel
archives for the discussion that comes up every couple of months. There are
signatures on http://security.debian.org/ that you can manually verify, of
course, and there are scripts out there that add this functionality to
apt-get.

--
Rob Weir <rweir@ertius.org> http://ertius.org/