On Fri, Mar 07, 2003 at 10:08:59AM -0500, Bob Paige wrote:
> I am curious about how secure the apt-get system is; is it possible to
> spoof a debian server and thus send compromised updates to a given machine?

Yes, since apt-get doesn't check signatures, yet. Search the debian-devel archives for the discussion that comes up every couple of months. There are signatures on http://security.debian.org/ that you can manually verify, of course, and there are scripts out there that add this functionality to apt-get.

--
Rob Weir <[EMAIL PROTECTED]> http://ertius.org/
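
As an added example (not part of the original message, and not code from apt or the scripts it mentions): a signature on the archive's Release file only protects a package if the hashes are followed from Release to the Packages index to the .deb. The sketch below assumes the Release file's signature has already been checked with gpg and that the archive uses SHA256 fields as current Debian archives do; the package name, paths and bytes are constructed.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def release_hashes(release_text: str) -> dict:
    """Map index path -> (sha256, size) from the SHA256 field of a Release file."""
    entries, in_field = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_field = True
        elif in_field and line.startswith(" "):
            digest, size, path = line.split()
            entries[path] = (digest, int(size))
        else:
            in_field = False
    return entries

def package_stanza(packages_text: str, name: str) -> dict:
    """Return the fields of one package's stanza from a Packages index."""
    for block in packages_text.strip().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)
        if fields.get("Package") == name:
            return fields
    return {}

def verify_chain(release_text, index_path, packages, name, deb) -> bool:
    """True only if Release vouches for Packages and Packages vouches for the .deb."""
    digest, size = release_hashes(release_text).get(index_path, ("", -1))
    if len(packages) != size or sha256_hex(packages) != digest:
        return False  # index was swapped or altered after Release was signed
    stanza = package_stanza(packages.decode(), name)
    return (stanza.get("Size") == str(len(deb))
            and stanza.get("SHA256") == sha256_hex(deb))

def build_sample(deb: bytes):
    """Constructed archive metadata for a made-up package 'hello'."""
    packages = (f"Package: hello\nVersion: 1.0\nFilename: pool/hello_1.0.deb\n"
                f"Size: {len(deb)}\nSHA256: {sha256_hex(deb)}\n").encode()
    release = (f"Origin: Example\nSuite: stable\nSHA256:\n"
               f" {sha256_hex(packages)} {len(packages)} main/binary-i386/Packages\n")
    return release, packages

if __name__ == "__main__":
    good = b"constructed package bytes"
    release, packages = build_sample(good)
    print(verify_chain(release, "main/binary-i386/Packages", packages, "hello", good))
```

A mirror that serves an altered package together with a matching, self-consistent Packages index still fails the check, because the index no longer matches the hash recorded in the signed Release file.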