On 29 aug. 2013, at 09:39, Florian Weimer <[email protected]> wrote:

> How would you tell a legitimate security update from a version that
> lacks a signature for other reasons?

If you are worried about a non-official/malicious update for the package, the 
.deb will still need to have a proper signature. The discussion here is the 
signature on the jar file that is read/verified by the JRE.

-- Richard

