Re: Debian packages without md5sums



On Thu, 13 Sep 2007 12:29:28 -0700, Andrew Sackville-West wrote:

On Wed, Sep 12, 2007 at 09:25:39PM +0000, Felix Karpfen wrote:

How do you use the key(s) listed in "/etc/apt/trusted.gpg" to
authenticate the individual installed packages.

sorry, beyond me. on my system it just works.


Does "untrusted" have the meaning assigned in "gpg" - i.e. "the content
has not been altered, but the signer is unknown"?

I'm not sure.


If so, then I am worrying about nothing!!

not if the package is a compromised package that's been signed by the
compromiser so that its signature is good but from an untrusted
source, but we're outside my understanding here.

Mine too.

But an out-of-sync repository sounds a much worse fate that the remote
possibility that packages on Etch DVDs (from a reputable supplier) were
tampered with and then gpg-signed by the tamperer.

Thank you for sharing your experience.

Felix



--
Felix Karpfen
Public Key 72FDF9DF (DH/DSA)


--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx



Relevant Pages

  • Re: I have an Openoffice question for small business.
    ... I used it some times ago but can not remember the exact syntax, but you should be able to quickly find some samples on debian's forums. ... Search for apt-pinning (the name of the technique iirc) and you should find nice examples in debian's forums. ... This technique is more often used to only use some packages from testing/unstable/experimental on stable, but you should be able to adapt it for your needs easily: simply give very low priorities to the packages you want. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
    (Debian-User)
  • Re: etch --> testing
    ... | matter is there any information about when a lenny freeze might happen? ... packages, desktop effects, etc. ... Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx with a subject of "unsubscribe". ...
    (Debian-User)
  • Running testing? -- read this.
    ... are helping us test our development packages. ... an end user is one who does not care ... To UNSUBSCRIBE, email to debian-devel-REQUEST@xxxxxxxxxxxxxxxx ... Trouble? ...
    (Debian-User)
  • Re: 3d acceleartion
    ... there is absolutely no 3d acceleration. ... Either install the debian packages for xfree from dri.sf.net (check the ... you could build it and get 3d support. ... > with a subject of "unsubscribe". ...
    (Debian-User)
  • Re: IPMI problem compiling linux 2.6.28.5 in Debian Way
    ... gcc and other important packages. ... Where the directory clean when you decompressed the sources? ... could conflict? ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
    (Debian-User)