-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Boyd Stephen Smith Jr. wrote: > On Monday 02 March 2009 12:05:20 marca...@gmail.com wrote: >> I am using a repository that doesn't sign its package. I know and >> trust it. > > That's not exactly what the signatures are about. They are mainly about > preventing MitM attacks, whether from mirror administrators or someone > attacking your internet connection directly.
Or earthly things like failing disks or failing network connections. It's always good to _verify_ that the software arrives as intended by the packager... Cheers, Johannes -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmtf/gACgkQC1NzPRl9qEV2xACeKpRITgXfxAvlq77o9HcJM4Ca XkYAn2wH1FUG+F3WjU21WqYfruj4Fjle =1qZ2 -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
