Am 18.02.2012 18:45, schrieb Philip Hands:
He's talking about stuff like flash-nonfree (or whatever) where we
ship
a wrapper that wgets the actual tarball for you from the distributor,
and checks the checksum of whatever it ends up with.
Yes!
(perhaps if paranoid do the
download from elsewhere on a different day, make sure the checksums
match),
Actually things like this should be done, if nothing better (signatures
+ trust path) is available... of course it doesn't make things 100%
sure, but even if it gets us just some 10% likeliness of noting an
attack it's worth it (IMHO).
Cheers,
Chris.
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1f837ecb03fe0f56151a5e3c6369b...@scientia.net
