On Sun, Aug 16, 2009 at 05:04:21AM -0500, Dave Sherohman wrote:
> Always obtain your checksums via an alternate (cryptographically-secured)
> path, not directly from the data they're being used to verify.

The Debian package management system uses a different strategy: The path
itself need not be secure (because, well, nobody really likes the central
CA approach of SSL ;-) ). Rather, the distribution signs the media itself
(Packages, Sources and Release files).

(In case the torrent content in question is debtorrent and alike)

--
Tzafrir Cohen         | tzaf...@jabber.org | VIM is
http://tzafrir.org.il |                    | a Mutt's
tzaf...@cohens.org.il |                    |  best
ICQ# 16849754         |                    | friend