-----Message d'origine-----
De : Andreas Barth [mailto:[EMAIL PROTECTED]
Envoyé : jeudi 29 septembre 2005 22:29
Objet : Re: security.debian.org mirrors?
>* Arnaud Fontaine ([EMAIL PROTECTED]) [050929 22:26]:
>> Is it possible to have a warranty that the package in the mirror archive
>> hasn't be modified by someone else ? Maybe my question is stupid but i
>> wasn't able to find an answer on replicator website ;).
>The Release-file is digitally signed, and contains checksums of the
>Packages files. The Packages files contain checksums of the packages.
>Cheers,
>Andi
So, for optimal security, the package from the mirror should be validated
with the original sums from security.debian.org, should they ?
++,
MATT
