* Mark K. Kim <[EMAIL PROTECTED]> [010919 20:30], about
:I was wondering if apt-get (the program that auto-updates Debian files?)
:downloads files securely (ie - signed downloads)? I feel the auto-updates
:are one of the biggest advantages of Debian but I'd be reluctant to try
:it if the daily updates of packages are insecure downloads.
Signed package support is an upcoming feature for apt-get (iirc). But I
wouldn't really worry about all that stuff too much, it's definitely a
possible concern always, basically anytime you download anything from
anywhere it's possible that someone's doing something funny with the
package. I doubt any of us consistently check package signatures
personally!
If you're just tracking Debian's packages, and not any one else's, in
stable, they change very infrequently, so you don't need to do daily
updates. (weekly should be more than enough.)
And you'll know when you need to do it. It's like the other day (mon
night), I went to do an update && dist-upgrade, and it was upgrading the
most package. I was like, what? I let it go, checked the changelog, and
didn't think about it too much, assuming I'd hear about it. And I did, the
next day they put out the security alert.
That was probably a hard to understand example, I also take faith in someone
else finding these things before I get caught by them, which is usually what
happens. (except with the kernel, that's a little diff story.. ;)
>-- End of excerpt from Mark K. Kim
hope that rambling did something for you.. ttyl!
-Ajay
(who just had a guy from Pac Bell come over, hopefully that'll be the last
time I'll have to see a DSL guy! (He seems to have been the, if not one of
the, most knowledgeable people I've dealt with. He switched the two lines
in my house around at the b-box (sp?), since the other is more reliable.))
--
Milpitas, ca [EMAIL PROTECTED] HempVille, Planet Talarian
http://os2man.cjb.net/pictures/
"I'd rather be forgotten than remembered for giving in..."
