Jim Popovitch wrote:
> Here's my issue, please correct me if I am wrong. .debs and sigs both
> exist on the same server. If the Windows box/network is compromised,
> then the sigs and debs can be modified and who would know?

The security provided by a gpg signature is the difficulty in forging the signature, not the server that serves it.

http://wiki.debian.org/SecureApt

-- 
see shy jo
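
The point made in the reply above, as an added example that is not part of the original message: a client that checks a detached signature against a key it already trusts rejects the package whether the server's copy of the .deb alone, or both the .deb and its signature, have been replaced. Textbook RSA over constructed toy keys stands in for gpg here, and all names (`ARCHIVE_N`, `server_states`, `client_check`) are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys


def make_key(p, q):
    """Toy textbook-RSA key from two primes; returns (modulus, private exponent)."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))


def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data, n, d):
    return pow(digest(data), d, n)


def verify(data, sig, trusted_n):
    """Check sig against the key the client already trusts, never one from the server."""
    return 0 <= sig < trusted_n and pow(sig, E, trusted_n) == digest(data)


# Constructed keys built from known Mersenne primes: factorable, for this demo only.
ARCHIVE_N, ARCHIVE_D = make_key(2**127 - 1, 2**521 - 1)   # signer; private half kept off the server
ATTACKER_N, ATTACKER_D = make_key(2**89 - 1, 2**607 - 1)  # whoever controls the server


def server_states():
    """What the server might hand out: (package bytes, detached signature)."""
    deb = b"constructed package contents v1.0"
    modified = b"constructed package contents, modified"
    return {
        "untouched": (deb, sign(deb, ARCHIVE_N, ARCHIVE_D)),
        "deb modified, old sig kept": (modified, sign(deb, ARCHIVE_N, ARCHIVE_D)),
        "deb and sig both replaced": (modified, sign(modified, ATTACKER_N, ATTACKER_D)),
    }


def client_check():
    # Assumption: the client holds only ARCHIVE_N, obtained out of band.
    return {name: verify(deb, sig, ARCHIVE_N)
            for name, (deb, sig) in server_states().items()}


if __name__ == "__main__":
    for name, ok in client_check().items():
        print(f"{name}: {'accepted' if ok else 'REJECTED'}")
```

The result depends on two conditions the example assumes: the private key is not stored on the compromised server, and the client did not fetch its trusted key from that server.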