[linux-elitists] [RANT] Debian the Elitist Distribution?
Sun Feb 15 12:54:30 PST 2004
On Sun, Feb 15, 2004 at 12:36:18PM -0800, Rick Moen wrote:
> Release files are in turn signed by the master package-releasing
> program's gpg key, and the hash stored in Release.gpg in the same
> directory. If you're utterly paranoid, you can configure your system
> checks _that_ signature against the debian-keyring set.
In fact, apt 0.6 in experimental defaults to performing this check (as
well as checking the md5sums of the packages, of course).
More information about the linux-elitists