Re: How to verify package integrity after they have been downloaded?
In article <[🔎] c7b40f9d0804051611r6e7f965aw24ed1038237901ba@mail.gmail.com> you wrote:
> If you are talking about automating the verification process, that
> wouldn't quite work. The system that downloads the packages might have
> been compromised. The files that I would sign on that system might
> have been already modified at the time when I sign them.
Yes you are right, does not work in your scenario.
But you can use the unsecure system as a proxy and use apt-get/secure on the trusted machine.
Gruss
Bernd
Reply to: