l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
November 4: Social gathering
Next Installfest:
TBD
Latest News:
Oct. 24: LUGOD election season has begun!
Page last updated:
2001 Dec 30 17:10

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] apt-get secure?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] apt-get secure?



* Mark K. Kim <markslist@cbreak.org> [010919 20:30], about 

:I was wondering if apt-get (the program that auto-updates Debian files?)
:downloads files securely (ie - signed downloads)?  I feel the auto-updates
:are one of the biggest advantages of Debian but I'd be reluctant to try
:it if the daily updates of packages are insecure downloads.

Signed package support is an upcoming feature for apt-get (iirc).  But I
wouldn't really worry about all that stuff too much, it's definitely a
possible concern always, basically anytime you download anything from
anywhere it's possible that someone's doing something funny with the
package.  I doubt any of us consistently check package signatures
personally!
If you're just tracking Debian's packages, and not any one else's, in
stable, they change very infrequently, so you don't need to do daily
updates.  (weekly should be more than enough.)
And you'll know when you need to do it.  It's like the other day (mon
night), I went to do an update && dist-upgrade, and it was upgrading the
most package.  I was like, what?  I let it go, checked the changelog, and
didn't think about it too much, assuming I'd hear about it.  And I did, the
next day they put out the security alert.
That was probably a hard to understand example, I also take faith in someone
else finding these things before I get caught by them, which is usually what
happens.  (except with the kernel, that's a little diff story.. ;)

>-- End of excerpt from Mark K. Kim

hope that rambling did something for you.. ttyl!

	-Ajay

(who just had a guy from Pac Bell come over, hopefully that'll be the last
time I'll have to see a DSL guy!  (He seems to have been the, if not one of
the, most knowledgeable people I've dealt with.  He switched the two lines
in my house around at the b-box (sp?), since the other is more reliable.))

-- 
Milpitas, ca	atallam@telocity.net	HempVille, Planet Talarian
			http://os2man.cjb.net/pictures/
	"I'd rather be forgotten than remembered for giving in..."


LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!