On Thu, Feb 08, 2001 at 07:30:08PM +0000, Jim Breton wrote: > On Thu, Feb 08, 2001 at 08:22:47PM +0100, Christian Hammers wrote: > > > Currently it won't. :-\ You would have to get the packages yourself > > > and check the md5sums. > > Which were of course altered by the cracker. Bad idea. > > No. I'm talking about the md5sums listed in the security advisories > sent by the Debian project. These messages are signed with their GPG > keys; if these messages are invalid or have been compromised and the > signatures still verify, then we have some far more serious problems.
for the debian-developer keys: apt-get install debian-keyring -- BOFH excuse #93: Feature not yet implimented
pgpvvYXcAP8mw.pgp
Description: PGP signature
