LUGOD: Linux Users' Group of Davis
 
Page last updated:
2001 Dec 30 17:10

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.


Re: [vox-tech] apt-get secure?



begin: Hempstah T <lugod@os2man.cjb.net> quote
> * Mark K. Kim <markslist@cbreak.org> [010919 20:30], about 
> 
> :I was wondering if apt-get (the program that auto-updates Debian files?)
> :downloads files securely (ie - signed downloads)?  I feel the auto-updates
> :are one of the biggest advantages of Debian but I'd be reluctant to try
> :it if the daily updates of packages are insecure downloads.
> 
> Signed package support is an upcoming feature for apt-get (iirc).

ajay, do you remember where you heard this?  i've also been wondering about
this issue.

> wouldn't really worry about all that stuff too much, it's definitely a
> possible concern always, basically anytime you download anything from
> anywhere it's possible that someone's doing something funny with the
> package.  I doubt any of us consistently check package signatures
> personally!

agreed.   also, the debian website makes md5sums available for every package.
if you suspect funny business, you can always download the package itself (as
opposed to using apt-get) and check it by hand.

i'm not sure i'd trust redhat's ftp site or rpmfind any more or less than
debian's package sites.

> (who just had a guy from Pac Bell come over, hopefully that'll be the last
> time I'll have to see a DSL guy!  (He seems to have been the, if not one of
> the, most knowledgeable people I've dealt with.  He switched the two lines
> in my house around at the b-box (sp?), since the other is more reliable.))

interesting.  it's also been my experience that "pacbell" is a lot more
knowledgeable and helpful in person than over the phone.

overall, i've heard an overwhelming majority of people say that omsoft
is a better way to go than pacbell.  i haven't had as much trouble with
pacbell as, say, bill.  but i think i've been fairly lucky with pacbell.

pete

-- 
"The following addresses had permanent fatal errors..."      p@dirac.org
                               -- Mailer Daemon              www.dirac.org/p
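
The by-hand check described in the message above, as an added example that is not part of the original post: it looks a downloaded .deb up in a Packages-style index and compares its size and MD5 against the listed values. The package name, path and index entry are constructed for illustration, and the field names (`Filename`, `Size`, `MD5sum`) are assumed to follow the Debian Packages index format.

```python
import hashlib
import os
import tempfile

def parse_stanzas(index_text):
    """Split a Debian Packages-style index into one dict of fields per package."""
    stanzas = []
    for block in index_text.strip().split("\n\n"):
        fields, key = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and key:   # continuation of previous field
                fields[key] += "\n" + line.strip()
            elif ":" in line:
                key, _, value = line.partition(":")
                fields[key] = value.strip()
        if fields:
            stanzas.append(fields)
    return stanzas

def verify_package(path, index_text):
    """Check the file at `path` against its index entry; return (ok, reason)."""
    name = os.path.basename(path)
    for st in parse_stanzas(index_text):
        if os.path.basename(st.get("Filename", "")) != name:
            continue
        if os.path.getsize(path) != int(st["Size"]):
            return False, "size mismatch"
        digest = hashlib.md5()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        if digest.hexdigest() != st["MD5sum"].lower():
            return False, "md5 mismatch"
        return True, "ok"
    return False, "not listed in index"

def demo():
    """Constructed sample: a stand-in .deb plus an index entry built to match it."""
    payload = b"constructed package bytes\n"
    path = os.path.join(tempfile.mkdtemp(), "hello_1.0-1_i386.deb")
    index = ("Package: hello\nVersion: 1.0-1\n"
             "Filename: pool/main/h/hello/hello_1.0-1_i386.deb\n"
             f"Size: {len(payload)}\nMD5sum: {hashlib.md5(payload).hexdigest()}\n"
             "Description: constructed entry\n used only by this example\n")
    results = []
    for data in (payload, payload.replace(b"bytes", b"bytez"), payload + b"!"):
        with open(path, "wb") as fh:      # intact, altered same-size, altered size
            fh.write(data)
        results.append(verify_package(path, index))
    return results
```

The comparison only shows that the file matches the index entry, so the index has to come from a source you trust.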

