Joey Hess <[EMAIL PROTECTED]> wrote:
> Goswin von Brederlow wrote:
>> > dpkg that it is downgrading the package, and a clever attacker might
>> > avoid even that.
>> How would you avoid it?
> Make the replacement package really be a different package entirely, of
> a higher version than the package it purports to replace.
> I think aj had some more examples along these lines the last time this
> came up.

I still don't understand how you change the version number (or the
package-name) without breaking the signature.

cu andreas