[Gllug] Signitures on debs

Thom May thom at positive-internet.com
Tue Aug 6 16:03:01 UTC 2002

* Jonathan Dye (jonathan.dye at automationpartnership.com) wrote :
> Hi,
> As there are a few debian users on this list I thought one of you might know
> whether debs from debian have corresponding signitures files to verify
> integerity.  Also, if they do does apt use them to verify the packages?
> I like being able to just install a package easily with a single apt-get but
> I suddenly realised that I don't know if I can trust the mirror I'm using to
> not have trojened debs.
> JD
Debs themselves are not signed, but there is functionality for the
repository itself to sign the Release files, so you can ensure that the
mirror is not trojaned.
(AJ is debian release manager ;-) )

Gllug mailing list  -  Gllug at linux.co.uk

More information about the GLLUG mailing list