On 2014-09-24 23:05, Hans-Christoph Steiner wrote:
> * the signature files sign the package contents, not the hash of
>   whole .deb file (i.e. control.tar.gz and data.tar.gz).

So preinst and friends would not be signed? Sounds dangerous to me.


Archive: https://lists.debian.org/20140925035052.GA20936@fama
