> > Actually, as the system is, it could. There was an arcticle on > this some time > ago... > > Certain parts of the package are signed but there is no automated checking > of those signatures AFAIK. >
Well this would not be a big thing, would it? When I take a look at the ftp server, there is a .dsc with pgp signatures for each package. So letting dselect / aptitude or better dpkg-get doing a check for the key via gpg would be no big deal, or am I wrong? As there are many mirrors worldwide, that could be hacked or something, it would be a huge security improvement. Regards Marcel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
