Matt Zimmerman <[EMAIL PROTECTED]> writes: > Argh, this is a show-stopper I think.
I disagree. It would still be good to offer the users the _ability_ to use only secure sources (for sensitive systems, for instance). Also, including the security features will allow users to start transitioning to all secure sources, and give packages distributers incentive to secure their own sources (especially if apt complains a bit). We can make this less painful by adding features to tools like mini-dinstall. > So there's no real security unless every one of your sources is > authenticated. This has always been the case. Any package can do anything to your system. > These days, systems with unofficial sources in sources.list seem to be more > common than those without. There's nothing that says only official sources can be secure :) peace, isaac
