Am Fre, 2002-09-20 um 09.58 schrieb Adrian von Bidder: > To my knowledge, although Release files are signed, packages are not, > and not even the Release file signatures are usually checked. > > :-/ > > So, theoretically, the need for trusted downloads exists today. Or the > need for the security infrastructure to be completed.
what about https-mirrors? i think this is the easiest way (without changing code or force the user to tunnel manually) to support some kind of security. cu -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
