Rick Moen wrote: > If I started mirroring the security team's packages, would you trust > my mirror?
Your point is well made, but what makes you trust a package from the regular mirrors any more? And here's one method with potential: You check the signatures from security.debian.org and get the binaries from a mirror. The signature can even include "approved" mirrors although the proof is in the binary so it doesn't really matter *where* it comes from. If the hashes+signature match up then you're golden. >I have an honest face. ;-> [Well since I pray to DJB before bed, I'd of course disagree. :-) ] -davidu -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
