> I disagree.  If I'm pulling a .deb from LP over https, I have a lot more
> confidence in that than one that's signed, but from some external site.
> Not ideal, but it's better.

Scott,
if your trust is based on the URL of the download and not on the PGP
signature validation, then you do not care or you do not understand what
the PGP signature's role is.

I strongly recommend some reading, such as:
http://cryptnet.net/fdp/crypto/strong_distro.html
http://wiki.debian.org/SecureApt

Best regards,

-- 
João Pinto
IRC: Lamego @ irc.freenode.net
Jabber ID: [EMAIL PROTECTED]
GetDeb Project Manager - http://www.getdeb.net