On Fri, May 30, 2014 at 11:13:31PM +1000, Alfie John wrote:
As what I posted earlier, all you would need to do is to MITM the install of APT during an install. Who cares what the signatures look like since you've NOPed the checksumming code!
That's why you verify the initial install media per the link I posted earlier...
-- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/90ebee24-e7fd-11e3-89ae-00163eeb5...@msgid.mathom.us
