GetDeb Project
João Pinto
lamego.pinto at gmail.com
Wed Oct 17 14:15:21 UTC 2007
> I disagree. If I'm pulling a .deb from LP over https, I have a lot more
> confidence in that than one that's signed, but from some external site.
Not
> ideal, but it's better.
Scott,
if your trust is based on the URL of the download and not on the PGP
signature validation, then you do not care or you do not understand what is
the PGP signature role.
I strongly recommend you some reading like:
http://cryptnet.net/fdp/crypto/strong_distro.html
http://wiki.debian.org/SecureApt
Best regards,
--
João Pinto
IRC: Lamego @ irc.freenode.net
Jabber ID: lamego.pinto at gmail.com
GetDeb Project Manager - http://www.getdeb.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20071017/24824f70/attachment.html>
More information about the Ubuntu-devel-discuss
mailing list