On 2020-02-01 01:38, Greg Troxel wrote:
[---]
> If you can't trust your local storage, you have no basis for getting
> anything at all right. Your local storage is where the public keys are
> stored that you use to validate, where you store files in installed
> packages, and where you store /usr//bin/login. Seriously - if you can't
> trust your local computer, it's all over.

Sure, but I meant explicitly local storage with regards to the packages only -- they could be stored in a directory which is shared among other users, for instance. I.e. the packages could in theory be manipulated, but the tools to validate them can't.

--
Kind Regards,
Jan