
Re: Is there any security risk using p2p client ?

On Sun, Aug 16, 2009 at 05:04:21AM -0500, Dave Sherohman wrote:

> Always obtain your checksums via an alternate (cryptographically-
> secured) path, not directly from the data they're being used to verify.

The Debian package management system uses a different strategy: The path
itself need not be secure (because, well, nobody really likes the
central CA approach of SSL ;-) ). Rather, the distribution signs the
media itself (Packages, Sources and Release files).

(In case the torrent content in question is debtorrent and the like)

Tzafrir Cohen         | tzafrir@jabber.org | VIM is
http://tzafrir.org.il |                    | a Mutt's
tzafrir@cohens.org.il |                    |  best
ICQ# 16849754         |                    | friend
