Kjetil Kjernsmo wrote:
On mandag 19 september 2005, 00:18, Hans Ekbrand wrote:
You must
expect issues like these, it is a feature... :-)
Not getting security updates automatically installed a feature? Not
in my world!
Well, imagine the security.debian.org box getting compromised, and the
attacker pumping out a trojanned "security" upgrade. You install it
automatically before the Debian folks take the box out. The attacker
has your IP too... That's a serious single point of failure for the
entire community, you know...
I prefer to read and understand the DSA, and check that the DSA is
signed with a key I trust (I'm just a hop from joey) before I do a
manual apt-get upgrade on affected machines.
But if the <insert_server_here> is compromised, won't they also have the
key?
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
