bendeguz wrote:
> 2. This means it could be possible for some package to have
> false checksums on the whole internet?
> So you can't be absolutely sure, that you have downloaded a package
> in the form the maintainer built it?

It's possible, but quite unlikely. It would be discovered and all over the net pretty quickly. There are a lot of packages that have optional crypto signatures too. See e.g. openssl.

  -- Bruce