[Gllug] Signitures on debs
Thom May
thom at positive-internet.com
Tue Aug 6 16:03:01 UTC 2002
* Jonathan Dye (jonathan.dye at automationpartnership.com) wrote :
> Hi,
>
> As there are a few debian users on this list I thought one of you might know
> whether debs from debian have corresponding signitures files to verify
> integerity. Also, if they do does apt use them to verify the packages?
> I like being able to just install a package easily with a single apt-get but
> I suddenly realised that I don't know if I can trust the mirror I'm using to
> not have trojened debs.
>
> JD
>
Debs themselves are not signed, but there is functionality for the
repository itself to sign the Release files, so you can ensure that the
mirror is not trojaned.
http://www.advogato.org/person/ajt/diary.html?start=12
(AJ is debian release manager ;-) )
-Thom
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list