apt-cacher in main + apt-zeroconf

Matt Zimmerman mdz at ubuntu.com
Thu Nov 15 22:51:44 UTC 2007

On Thu, Nov 15, 2007 at 12:53:14PM -0500, Fabian Rodriguez wrote:
> If this was actually checked against a local web of trust (like
> OpenPGP or Gaim-OTR keys or else) it may become interesting. But who
> uses that "safely" ? :)

All packages downloaded by APT are authenticated using PGP keys provided in
the default install.  While it's possible to override this, it's also
possible to install untrusted packages in all sorts of other ways, so people
who ignore security warnings are already in bad shape regardless of whether
they're using something like apt-cacher or not.

 - mdz

More information about the Ubuntu-devel-discuss mailing list