|
From: | Glenn Morris |
Subject: | bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed |
Date: | Tue, 24 Jun 2014 01:56:56 -0400 |
User-agent: | Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) |
Stefan Monnier wrote: > SSH does it this way and nobody really complains loudly about it: > basically, you have to trust the initial connection, but not subsequent > ones (since you already have the key at that point). OK, true. I guess yum and apt basically work the same. IIUC, you get a default key(s) when you first install the OS. This is then used to check subsequent updates. So you have to trust your initial download of the base OS.
[Prev in Thread] | Current Thread | [Next in Thread] |