On tiisdei 28 July 2009, Nico Golde wrote: > > a solution > > would be to require verification against signed known hashes of the > > external files (the hashes could be part of the signed debian package). > > i personally would like to go through and file RC bugs on all these > > problematic packages, but there has yet to be any consensus on the > > issue: http://lists.debian.org/debian-devel/2009/02/msg00461.html > > To be honest I know of none package other than flash in > non-free which isn't supported but also uses hashes to > verify the files that uses that. There may be others but I > am pretty sure they aren't very widely in use.
msttcorefonts downloads font .cabs but checks their hash before extracting them. Thijs
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
