-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Florian Weimer <[EMAIL PROTECTED]> wrote: > There isn't an easy way to determine whether a Debian package is > authentic or not. I'm not even sure what "authentic" means in this > context.
You are most likely correct, but I'm just mapping my options here; are Debian packages md5summed regularily? If so, I have ``debsums'' package installed. Does this software check the MD5 checksum before the package is installed with apt - or is this just wishful thinking? I was just wondering about the policy, in general - too. Are the "official" Debian packages created with MD5 checksum file, as well? And does ``debsums'' work in conjunction with apt, so it would check the package and checksum file before apt installs it? As I said, just mapping my options here... - -- Jussi Ekholm -- <[EMAIL PROTECTED]> -- http://erppimaa.ihku.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9S5iXAtEARxQQCB4RAtO2AJ9jqY9IM3LuRiB6eCV6hhlczdrCYQCeO5k+ m6ad2IkzWvAwYNSpM9scC2Q= =hyFw -----END PGP SIGNATURE-----
