Re: insecurity/threat of rpm, urpmi, apt-get installs?

From: kavol (
Date: 10/15/04

Date: Fri, 15 Oct 2004 10:47:30 +0200

> The Debian packages that you install are not signed. (This is related to
> complicated reasons involving the multiple machines and automated
> processes that produce these .debs. The situation may change in the
> future.)

thanks, I was not aware of this - I thought that the debian packaging has
the signing capability and that it is used automatically
... and since I am going to maintain one Debian based system, it is quite
important info (considering the fact that Debian download servers were
hacked in the past ...)


Relevant Pages

  • Building Debian packages
    ... Ive been reading the Debian GNU/Linux Bible published by Wiley in 2005 which gives a good run through of building debs using dh_make and its relted tools but Im a little confused about the best way to layout the directory structure. ... My question is, if i replace the source tree with an updated version, say 4.0.2 when its released, I will loose the debian directory, and withit, the changelog file. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx with a subject of "unsubscribe". ...
  • Re: Which Linux distribution for Fortran 95?
    ... flavour of Linux - after all, ifc always has worked on Debian with a ... >>couple of years back and soon realized that RPM dependency is a hell. ... It'd be better if vendors made the trouble to make .debs -- if they ... an rpm destined for one distrib onto another distrib (it works in some ...
  • Re: List of packages in a stable i386 base install?
    ... all base debs will be there. ... Debian doesn't break that much on its own. ... Debian Etch install CD in rescue mode. ...
  • Re: security (malware) issues in Linux bases OSes
    ... debs or rpms on the internet. ... popular to infect these OSes by making a user install something like ... Debian have package signature signing and checking years ago, ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
  • Re: Chromium Browser Paralysis
    ... I don't think advising against using Debian software is in the best ... Providing debs of Chromium is like providing debs of Enlightenment's ... for appropriate packaging given the speed of Debian packaging. ...