On Tue, 2003-12-30 at 18:19, Adam Barton wrote: > Are the packages verified that they are indeed a genuine debian update?
Others have answered your other questions, so I figured I'd hit this. Yes, they are. While each individual package isn't signed, there's a Release file downloaded with apt-get update which is. This signed release file contains md5 checksums of all the Packages files, which contain information about the packages, including their md5s. -- Stephen Touset <[EMAIL PROTECTED]>
signature.asc
Description: This is a digitally signed message part
