[Secure-testing-team] debconf9
Thijs Kinkhorst
thijs at debian.org
Tue Jul 28 19:54:36 UTC 2009
On tiisdei 28 July 2009, Nico Golde wrote:
> > a solution
> > would be to require verification against signed known hashes of the
> > external files (the hashes could be part of the signed debian package).
> > i personally would like to go through and file RC bugs on all these
> > problematic packages, but there has yet to be any consensus on the
> > issue: http://lists.debian.org/debian-devel/2009/02/msg00461.html
>
> To be honest I know of none package other than flash in
> non-free which isn't supported but also uses hashes to
> verify the files that uses that. There may be others but I
> am pretty sure they aren't very widely in use.
msttcorefonts downloads font .cabs but checks their hash before extracting
them.
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20090728/cbbf205a/attachment.pgp>
More information about the Secure-testing-team
mailing list