
Bug#319142: apt: attempts to install corrupted packages



On Thu, Jul 28, 2005 at 10:42:18AM -0700, Matt Zimmerman wrote:
> severity 319142 wishlist
> merge 319142 250305
> thanks
> 
> On Wed, Jul 20, 2005 at 07:44:02AM +0100, Andrew Suffield wrote:
> > asuffield@cyclone:~$ md5sum /var/cache/apt/archives/xfonts-scalable_6.8.2.dfsg.1-3_all.deb
> > a525d80fb0df950f4e9b0e3141c63d0c  /var/cache/apt/archives/xfonts-scalable_6.8.2.dfsg.1-3_all.deb
> > 
> > Not only is this broken and annoying, it indicates that the security
> > checking code is completely non-functional.
> 
> apt only verifies the md5sum on download; it implicitly trusts the local
> cache.

Which means packages acquired via external methods, such as apt-zip,
are not checked.

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |
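
The gap discussed in this thread (hashes checked at download time, files already in the cache trusted) can be audited from outside apt. The following is an added example, not part of the original message and not apt's code: it re-checks cached `.deb` files against the `Filename`/`MD5sum` fields of a Packages-style index. The sample index, the file names, and the assumption that a cached file's name equals the basename of `Filename` are constructed for illustration.

```python
import hashlib
import os
import tempfile

def parse_packages(text):
    """Map .deb basename -> expected MD5 from Packages-style stanzas."""
    expected = {}
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t") or ":" not in line:
                continue  # continuation lines carry no field name
            key, _, value = line.partition(":")
            fields[key.strip().lower()] = value.strip()
        if "filename" in fields and "md5sum" in fields:
            # Assumption: the cached file is named like the Filename basename.
            expected[os.path.basename(fields["filename"])] = fields["md5sum"].lower()
    return expected

def file_md5(path):
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def audit_cache(cache_dir, expected):
    """Return {name: 'ok' | 'mismatch' | 'unknown'} for each .deb in cache_dir."""
    result = {}
    for name in sorted(os.listdir(cache_dir)):
        if not name.endswith(".deb"):
            continue
        want = expected.get(name)
        if want is None:
            result[name] = "unknown"  # e.g. placed in the cache by an external method
        else:
            same = file_md5(os.path.join(cache_dir, name)) == want
            result[name] = "ok" if same else "mismatch"
    return result

def demo():
    """Constructed sample: one intact, one truncated, one unindexed file."""
    good = b"constructed package payload"
    digest = hashlib.md5(good).hexdigest()
    index = "\n\n".join(f"Package: {p}\nFilename: pool/main/e/{p}_1.0_all.deb\n"
                        f"MD5sum: {digest}" for p in ("example-good", "example-cut"))
    files = {"example-good_1.0_all.deb": good, "example-cut_1.0_all.deb": good[:-5],
             "example-foreign_1.0_all.deb": b"x"}
    with tempfile.TemporaryDirectory() as cache:
        for name, data in files.items():
            with open(os.path.join(cache, name), "wb") as fh:
                fh.write(data)
        return audit_cache(cache, parse_packages(index))
```

A file reported as `unknown` has no index entry to compare against, so it should be treated as unverified rather than as clean.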
