Robert Bihlmeyer <[EMAIL PROTECTED]> wrote:

> That's just the point: the security of a singly-signed Packages.gz
> would not be much higher than that of the ftp sites themselves.
> Nothing to win, here.
Actually I'm not concerned right now with the security of the main debian ftp site. While that's important, I assume that has already been handled. I just want to make sure that the packages I download come from Debian and not some man-in-the-middle. I can do that now on a maintainer level by using the source. But I cannot check that the binary I got really came from Debian people. And if Packages is signed, I would expect whoever or whatever signs it to also check that the packages listed inside that file actually came from a Debian maintainer. As far as I understand it, this is possible since the package upload (binary) is also signed by the maintainer. It seems like the only path that does not have at least some cryptographic safety is the path from Debian to the poor user. :-)

And I hope Potato's Packages file can be signed so I don't have to wait for Woody. Even if I have to manually download the Packages file, check the signature, then update my system - even that will save me *hours* of work!

- Chris
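As an added example (not code from the original thread), the check that a signed Packages file makes possible for the user: parse the index stanzas and verify a downloaded .deb against the Size and digest fields listed there, so a binary swapped in transit fails the check. The Packages text and .deb bytes below are constructed, and verifying the detached signature on the Packages file itself (e.g. with gpgv) is assumed to have happened before this step.

```python
import hashlib

# Constructed .deb bytes (not a real archive) and a hypothetical Packages
# stanza describing them. A Potato-era index carries only MD5sum; later
# indexes add SHA256, so verify_deb() prefers the stronger field.
SAMPLE_DEB = b"!<arch>\nconstructed-deb-payload\n"
SAMPLE_PACKAGES = (
    "Package: hello\n"
    "Version: 1.0-1\n"
    "Filename: pool/main/h/hello/hello_1.0-1_i386.deb\n"
    "Size: %d\n"
    "MD5sum: %s\n"
    "SHA256: %s\n"
    "\n"
) % (len(SAMPLE_DEB),
     hashlib.md5(SAMPLE_DEB).hexdigest(),
     hashlib.sha256(SAMPLE_DEB).hexdigest())


def parse_packages(text):
    """Split an RFC822-style Packages file into {package name: fields}."""
    stanzas = {}
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            # Continuation lines (leading space) belong to multi-line fields
            # such as Description; they carry nothing we verify here.
            if ":" in line and not line.startswith(" "):
                key, _, value = line.partition(":")
                fields[key.strip()] = value.strip()
        if "Package" in fields:
            stanzas[fields["Package"]] = fields
    return stanzas


def verify_deb(stanza, data):
    """Check downloaded .deb bytes against the (signed) stanza.

    Returns (ok, reason). Size is checked first as a cheap filter, then the
    strongest digest present; a stanza with no digest cannot be trusted.
    """
    if "Size" in stanza and int(stanza["Size"]) != len(data):
        return False, "size mismatch"
    for field, algo in (("SHA256", "sha256"), ("MD5sum", "md5")):
        if field in stanza:
            digest = hashlib.new(algo, data).hexdigest()
            if digest != stanza[field].lower():
                return False, f"{field} mismatch"
            return True, f"{field} ok"
    return False, "no digest field in stanza"
```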

