Re: how to ask for aptitude "improvement" wrt unsigned package
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Boyd Stephen Smith Jr. wrote:
> On Monday 02 March 2009 12:05:20 marcausl@gmail.com wrote:
>> I am using a repository that doesn't sign its package. I know and
>> trust it.
>
> That's not exactly what the signatures are about. They are mainly about
> preventing MitM attacks, whether from mirror administrators or someone
> attacking your internet connection directly.
Or earthly things like failing disks or failing network connections.
It's always good to _verify_ that the software arrives as intended by
the packager...
Cheers,
Johannes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkmtf/gACgkQC1NzPRl9qEV2xACeKpRITgXfxAvlq77o9HcJM4Ca
XkYAn2wH1FUG+F3WjU21WqYfruj4Fjle
=1qZ2
-----END PGP SIGNATURE-----
Reply to: