On Thu, Nov 15, 2007 at 12:53:14PM -0500, Fabian Rodriguez wrote: > If this was actually checked against a local web of trust (like > OpenPGP or Gaim-OTR keys or else) it may become interesting. But who > uses that "safely" ? :)
All packages downloaded by APT are authenticated using PGP keys provided in the default install. While it's possible to override this, it's also possible to install untrusted packages in all sorts of other ways, so people who ignore security warnings are already in bad shape regardless of whether they're using something like apt-cacher or not. -- - mdz -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
