Re: Do Synaptic, Aptitude and Adept use secure-apt?
- From: "J.O. Aho" <user@xxxxxxxxxxx>
- Date: Wed, 12 Dec 2007 18:17:18 +0100
Priam wrote:
J.O. Aho wrote:
Priam wrote:
I'm thinking about moving either to Debian or Kubuntu. Does anyone know
if Synaptic, Aptitude and Adept use secure-apt? Is there an apt-get and
a secure apt, or are all versions of apt now secure?
A simple search at google gave this:
In recent releases, Debian has been using strong crypto to validate
downloaded
packages. This is commonly called "secure apt" (or "apt-secure") and was
implemented in Apt version 0.6 in 2003, which Debian migrated to in 2005.
I guess that answers your question
So, apt is now all secure-apt. My concern arose when I saw Adpet working
in Kubuntu. When you click "details" you see the packages being
downloaded, then installed. Nowhere do you see that they're checked,
MD5SUMs and signatures.
You should see that when the package in question fails the md5sum check.
There are distros that uses even more advanced hashes to check the validy of
the package, even with multiple hashes, which makes it even more difficult to
make a false package.
--
//Aho
.
- References:
- Do Synaptic, Aptitude and Adept use secure-apt?
- From: Priam
- Re: Do Synaptic, Aptitude and Adept use secure-apt?
- From: J.O. Aho
- Re: Do Synaptic, Aptitude and Adept use secure-apt?
- From: Priam
- Do Synaptic, Aptitude and Adept use secure-apt?
- Prev by Date: Re: DHCPCD on an internal LAN
- Next by Date: Re: DHCPCD on an internal LAN
- Previous by thread: Re: Do Synaptic, Aptitude and Adept use secure-apt?
- Next by thread: Re: Do Synaptic, Aptitude and Adept use secure-apt?
- Index(es):
Relevant Pages
|
