Goswin von Brederlow <[EMAIL PROTECTED]> writes: > The archive signing key gives absolutely no integrity ensurance on the > deb package. The only thing it insures is that the file was not > altered _after_ leaving ftp.de.debian.org for the mirrors and/or > user. In no way does it prevent altering the deb on ftp-master.
Isn't that a useful assurance? Perhaps I trust the maintenance of ftp-master, but not the maintenance of Joe Random Mirror. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
