Bug#515940: is secure-apt used in ALL places?
This is perhaps more a question but depending on the answer it will
become a wishlist bug ;)
Is secure apt used in all places of apt?
Of course it is when installing/upgrading new packages (i.e. apt-get
What about apt-get source? Are the source package parts checked? Each of them?
And in general,... are packages checked after downloading, or before
I mean,.. e.g. the packages in /var/cache/apt/archives/ are they
secured/checked, and could I use (e.g. dpkg -i) them manually... or
are they only checked when actually used (e.g. installed) by apt?
What about apt-cache? E.g. when doing package searches or displaying
Now that MD5 seems to be really broken,... does apt-get still use the
If so, this should be disabled and _ONLY_ newer hashes should be used
If not present, the package should be considered invalid.
-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-heisenberg (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages apt depends on:
ii debian-archive-keyring 2009.01.31 GnuPG archive keys of the
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libgcc1 1:4.3.3-4 GCC support library
ii libstdc++6 4.3.3-4 The GNU Standard C++ Library v3
apt recommends no packages.
Versions of packages apt suggests:
ii apt-doc 0.7.20.2 Documentation for APT
ii aptitude 0.4.11.11-1 terminal-based package manager
ii bzip2 1.0.5-1 high-quality
block-sorting file co
ii dpkg-dev 1.14.25 Debian package development tools
ii lzma 4.43-14 Compression method of 7z
ii python-apt 0.7.8 Python interface to libapt-pkg
-- no debconf information
This message was sent using IMP, the Internet Messaging Program.