Drew Scott Daniels consulted the pineal gland: > Please see http://monk.debian.net/apt-secure/ for more information and > to download Debian packages. > There's also a mirror here: > http://people.debian.org/~walters/monk.debian.net/
are there plans to sign (with some given key, preferably one of yours on the keyring) the repository at http://monk.debian.net/debian/? other than that source, i've been able to update with no problems. how much testing has gone into testing badly-signed packages, or packages which are properly signed but don't match the latest Releases file (possible MiM attack where an old, vulnerable but signed package is substituted for the correct one)? is some needed? -- nick black <[EMAIL PROTECTED]> "np: nondeterministic polynomial-time the class of dashed hopes and idle dreams." - the complexity zoo
