Le jeu 01/08/2002 à 15:16, Paul Hampson a écrit : > On Thu, Aug 01, 2002 at 02:31:07PM +0200, Sebastien Chaumat wrote: > > Is there any source signing mechanism available in Debian? > > There is, in that the MD5 sum of the .orig.tar.gz goes into > the .dsc file. > > Not that it would affect this case, since the trojan would have > been in the tar.gz which had it's MD5 recorded. Although it > would only affect people who built the package anyway. >
I guess in the future (see the apt-src and co threads on devel) more and more people will auto-build packages localy. This will become a serious issue then. SEb
