Hi
I'd like to know whether it's possible to check the signature of a Debian
(Etch) install CD, at the earliest stage of the install process.
Indeed, right after the base-installer unpacks the base system files, apt loads
the contents of the CD and checks the Release.gpg signature against the Release
file.
Two problems, however:
- apt will complain if the signature is wrong, but won't if the Release.gpg
file is not even present on the CD;
- this procedure excludes the udebs loaded by debian-installer
So, is there a way to secure the whole install process (I mean, besides manual
checking)? I noticed that gpgv is among the default udebs, what is it used for?
Thanks,
--
Keyser
_____________________________________________________________________________
Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail
http://mail.yahoo.fr
