I had a similar question in regard to where particular packages which have security patches should be downloaded from - the obvious question is the security server, however it doesn't seem to work that way all the time ...
I don't have my sources.list at hand, unfortunately, but I have noticed that from where I am in the network, the security site often will time out during a download of a particular .deb file which has been updated ... that's not really the problem - the problem is that apt appears to then continue fetching the file from the normal archive rather than from the secure one.

The fetched .deb appears to have exactly the same version and revision details as the secure version, and unpacks and installs fine ... but I would have thought that for security's sake that apt should only have attempted to fetch the package from the secure URL rather than the (possibly less secure) main site ... unless the user intervened of course ...

Presumably if someone were able to poison the main site with a carefully constructed .deb I could be in trouble if the download from the secure site failed part-way through ...

Just a thought ...

--
Malcolm Herbert
[EMAIL PROTECTED]
This brain intentionally left blank

