reassign 454666 apt thanks On Thu, Dec 06, 2007 at 02:33:06PM -0800, [EMAIL PROTECTED] wrote: > Exploitation of this flaw would allow an attacker to > substitute arbitrary code for any legitimate Debian package > using a "man in the middle" attack undetected whenever a > user is installing new software, or to put up a debian > mirror site or repository containing arbitrary code > disguised as legitimate Debian software and having the same > checksums.
dpkg does at no time verify anything about the origin of packages. Only apt does. Gruesse, -- Frank Lichtenheld <[EMAIL PROTECTED]> www: http://www.djpig.de/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
