Marc Haber wrote...
> On Wed, Dec 21, 2016 at 09:31:23AM +0100, Joerg Jaspert wrote:
> > Now, if you want to manually download a .deb and dpkg -i it - then you
> > have to manually do the same steps apt & co do: Get the corresponding
> > packages and (In)Release files, verify its signature validat
On Wed, Dec 21, 2016 at 09:31:23AM +0100, Joerg Jaspert wrote:
> Now, if you want to manually download a .deb and dpkg -i it - then you
> have to manually do the same steps apt & co do: Get the corresponding
> packages and (In)Release files, verify its signature validates against
> the archive key,
On 14527 March 1977, Christoph Biedl wrote:
> Well, this creates trust for the path until (but excluding) that
> particular mirror only. Can I trust the mirror? And even if, there's no
> guarantee the mirror got the data through a trusted path.
And why the heck would you ever trust any mirror? If
3 matches
Mail list logo
