On Fri, May 30, 2014 at 10:15:01PM +1000, Alfie John wrote:
The public Debian mirrors seem like an obvious target for governments to MITM. I know that the MD5s are also published, but unless you're verifying them with third parties, what's stopping the MD5s being compromised too?
The cryptographic signatures that are validated automatically by apt.
-- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/bfad3c3a-e7f4-11e3-8753-00163eeb5...@msgid.mathom.us