Re: Is there any security risk using p2p client ?
On Sun, Aug 16, 2009 at 05:04:21AM -0500, Dave Sherohman wrote:
> Always obtain your checksums via an alternate (cryptographically-
> secured) path, not directly from the data they're being used to verify.

The Debian package management system uses a different strategy: The path
itself need not be secure (because, well, nobody really likes the
central CA approach of SSL ;-) ). Rather, the distribution signs the
media itself (Packages, Sources and Release files).
(In case the torrent content in question is debtorrent and the like.)
Tzafrir Cohen | email@example.com | VIM is
http://tzafrir.org.il | | a Mutt's
firstname.lastname@example.org | | best
ICQ# 16849754 | | friend