On Fri, Jan 11, 2008 at 12:53:08PM -0500, Joey Hess wrote:
> Noah Meyerhans wrote:
> > We mention all the binary packages in the advisory because they're the
> > versions that are going to be installed by apt* and people are going
> > to want checksums, file sizes, etc.
>
> .. For no good reason, since apt checks all those things for you.
>
> That information is a confusing relic, and could be removed from the
> advisory templates.

I agree, but there's no consensus within the security team about this. The argument is that not all sites can or choose to use apt to install updated packages, and that we should make it reasonably convenient for these sites to verify package integrity via other means.

noah