[PLUG] Re: rpms
Colin Kuskie
ckuskie at dalsemi.com
Wed Sep 11 23:23:24 UTC 2002
On Wed, Sep 11, 2002 at 04:16:21PM -0400, Rich Shepard wrote:
>
> B) Since Karl hasn't offered the suggestion, I will. :-) Get yourself a
> copy of apt-rpm and install it. It's easy, quick and wonderfully useful.
> Then you can 'apt-get install ...', 'apt-get update ...' and so on. Very
> handy during the 7.3 upgrade here.
One thing I've always wondered about apt*, is how in the world you
can trust the sources of the RPMs. Wouldn't it be the easiest thing
in the world to hack one of the repository machines, corrupt the
RPMs with backdoors and automatic installation notifications and then
alter the MD5 sum information so that it checks out? Then you
watch the vulnerable systems roll in.
Is this where someone explains the wonders of PGPGPG to me?
Colin
More information about the PLUG
mailing list