On Thu, Jul 28, 2005 at 10:42:18AM -0700, Matt Zimmerman wrote: > severity 319142 wishlist > merge 319142 250305 > thanks > > On Wed, Jul 20, 2005 at 07:44:02AM +0100, Andrew Suffield wrote: > > [EMAIL PROTECTED]:~$ md5sum > > /var/cache/apt/archives/xfonts-scalable_6.8.2.dfsg.1-3_all.deb > > a525d80fb0df950f4e9b0e3141c63d0c > > /var/cache/apt/archives/xfonts-scalable_6.8.2.dfsg.1-3_all.deb > > > > Not only is this broken and annoying, it indicates that the security > > checking code is completely non-functional. > > apt only verifies the md5sum on download; it implicitly trusts the local > cache.
Which means packages acquired via external methods, such as apt-zip, are not checked. -- .''`. ** Debian GNU/Linux ** | Andrew Suffield : :' : http://www.debian.org/ | `. `' | `- -><- |
signature.asc
Description: Digital signature
