Jeff Abrahamson on 23 Jan 2006 21:32:49 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] secure apt


I want to check that I've understood this correctly from reading
debian docs.  The new version of apt pays attention to gpg signatures,
but debs are not currently being signed.  It's recommended, then, that
I ignore this error on "apt-get install":

    Install these packages without verification [y/N]? y

or that I modify /etc/apt/apt.conf.d/70debconf to somehow say to
ignore signatures.

I want to be very careful about this, because it's initially difficult
to differentiate a bad signature from a broken secure apt.

Thanks much for any input.

-- 
 Jeff

 Jeff Abrahamson  <http://www.purple.com/jeff/>    +1 215/837-2287
 GPG fingerprint: 1A1A BA95 D082 A558 A276  63C6 16BF 8C4C 0D1D AE4B

Attachment: signature.asc
Description: Digital signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug