Package: apt-file
Version: 2.2.2
Severity: wishlist

Hi.

As apt-file loads information from the internet, I wondered:
Is secure-apt used and if not, can it be used?

e.g. the Contents files,... are they secured by the signed Release files?

apt-file should check this (and then depend on debian-archive-keyring), and bail out when something doesn't verify.

In addition: It should use ONLY the secure hashes provided. Especially MD5 is now really broken, IMHO. If for a file only MD5 was provided, I'd consider it as invalid, as well.

Thanks,
Chris.


-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-heisenberg (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt-file depends on:
ii  curl                          7.18.2-8   Get a file from an HTTP, HTTPS or
ii  libapt-pkg-perl               0.1.22+b1  Perl interface to libapt-pkg
ii  libconfig-file-perl           1.50-1     Parses simple configuration files
ii  liblist-moreutils-perl        0.22-1+b1  Addition list functions not found
ii  perl                          5.10.0-19  Larry Wall's Practical Extraction

Versions of packages apt-file recommends:
ii  menu                          2.1.41     generates programs menu for all me

Versions of packages apt-file suggests:
ii  openssh-client                1:5.1p1-5  secure shell client, an rlogin/rsh
ii  sudo                          1.6.9p17-2 Provide limited super user privile

-- no debconf information
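
The check requested in this report, sketched as an added example (not apt-file's code and not part of the original message): a downloaded Contents file is accepted only if the Release file lists a matching SHA256 or SHA512 entry, and an entry present only under MD5Sum is rejected. It assumes the Release file's signature has already been verified against the archive keyring (for instance with gpgv); the function names, the path `Contents-amd64.gz` as used here, and the sample data are constructed for illustration.

```python
import hashlib

# Hash sections of a Release file, strongest first. MD5Sum and SHA1 are
# deliberately absent: an entry listed only there is treated as unverifiable.
TRUSTED_SECTIONS = ("SHA512", "SHA256")


def parse_release(text):
    """Return {section: {path: (hexdigest, size)}} for every hash section."""
    sections, current = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and current is not None:
            digest, size, path = line.split()
            sections[current][path] = (digest.lower(), int(size))
        elif ":" in line:
            field, _, value = line.partition(":")
            # A hash section is a field with an empty value and indented rows.
            current = field if not value.strip() else None
            if current is not None:
                sections[current] = {}
    return sections


def verify_index(release_text, path, data):
    """Check `data` against the strongest trusted hash; raise if none matches."""
    sections = parse_release(release_text)
    for name in TRUSTED_SECTIONS:
        entry = sections.get(name, {}).get(path)
        if entry is None:
            continue
        digest, size = entry
        if len(data) != size:
            raise ValueError(f"{path}: size mismatch")
        if hashlib.new(name.lower(), data).hexdigest() != digest:
            raise ValueError(f"{path}: {name} mismatch")
        return name
    raise ValueError(f"{path}: no SHA256/SHA512 entry in Release")


# Constructed sample data (not real archive content).
CONTENTS = b"usr/bin/apt-file  admin/apt-file\n"
RELEASE = (
    "Suite: unstable\n"
    "MD5Sum:\n"
    " " + "0" * 32 + " 1 Contents-i386.gz\n"
    "SHA256:\n"
    f" {hashlib.sha256(CONTENTS).hexdigest()} {len(CONTENTS)} Contents-amd64.gz\n"
)
```
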

