Benjamin Schulz schrieb:
how can i proof, that the package is ok? md5sum is not satisfactory.
why not?
imagine that a package, which is provided on a server, is manipulated
(trojan). there would be no problem for the bad guy to manipulate the
md5sum, too (if provided on the same server). he just has to build it
from the new package (trojan) and then replace the old one with the new.
signatures of files can not be as easily manipulated as md5sums.
therefore you need to have the secret key and passphrase to sign the new
package.
Thanx to everybody for your hints.
Greetings,
Fred
