On Tue, Jan 29, 2008 at 04:06:12PM +1100, Anthony Towns wrote: > On Sat, Jan 26, 2008 at 10:14:56PM +0100, Frank Lichtenheld wrote: > > The whole thing honestly doesn't do much for security anyway until the gpg > > support of dpkg-source is largely improved. For that I have no real concept > > yet, though. > > Well, apt verifies them when it downloads the source before passing > it to dpkg to unpack; and there's also verification when entering the
That would be news to me. And I can't seem to find that in the code, either. > archive in the first place, and manual verification at other times (eg, > when the archive gets compromised). Gruesse, -- Frank Lichtenheld <[EMAIL PROTECTED]> www: http://www.djpig.de/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
