|
| From: | Glenn Morris |
| Subject: | bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed |
| Date: | Tue, 24 Jun 2014 01:56:56 -0400 |
| User-agent: | Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) |
Stefan Monnier wrote: > SSH does it this way and nobody really complains loudly about it: > basically, you have to trust the initial connection, but not subsequent > ones (since you already have the key at that point). OK, true. I guess yum and apt basically work the same. IIUC, you get a default key(s) when you first install the OS. This is then used to check subsequent updates. So you have to trust your initial download of the base OS.
| [Prev in Thread] | Current Thread | [Next in Thread] |