Re: [racket-users] Upgrading installer verification

2021-04-02 Thread Sam Tobin-Hochstadt
There is indeed signing for Ubuntu ppas, but that's specific both to apt and to the ppa system.

Sam

On Fri, Apr 2, 2021, 9:29 PM Sage Gerard wrote:
> No, I'm just looking for extra confidence when verifying installers.
>
> On that note, did Ubuntu require someone to sign packages to distribute

Re: [racket-users] Upgrading installer verification

2021-04-02 Thread Sage Gerard
No, I'm just looking for extra confidence when verifying installers.

On that note, did Ubuntu require someone to sign packages to distribute packages via apt? Can that be repurposed here?

On 4/2/21 12:26 PM, James Platt wrote:
>
> Are you bringing this up because of the recent rise of dependency

Re: [racket-users] Upgrading installer verification

2021-04-02 Thread Alex Harsányi
Hi James,

If you are worried about dependency confusion attacks, you can set up your own package catalog on an internal server, delete the default catalogs from racket and add only a reference to just your internal catalog. This way, "raco pkg install" will install all packages (and all their

Re: [racket-users] Upgrading installer verification

2021-04-02 Thread James Platt
Are you bringing this up because of the recent rise of dependency confusion attacks? In any case, it would be good to know where Racket stands with that.

On Apr 1, 2021, at 12:39 PM, Sage Gerard wrote:
> Are there any plans to publish GPG signatures for Racket installers, or
> at least