On Fri, Oct 18, 2002 at 08:24:31AM -0400, R. Bradley Tilley wrote:
> Can someone explain why 'apt-get update && apt-get dist-upgrade' is not
> sufficient to keep a debian system secure and updated?

Because a hacked mirror could contain malicious packages. When you check signatures before upgrading, you detect such intrusions. Of course, if the hacker managed to modify files on the master server, proper signatures would automatically get generated, and apt-check-sigs would have no chance to detect these modifications. Still, checking signatures provides one more line of defense.

Jan
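
The trust chain behind this reply, as an added example that is not part of the original message and is not code from apt-check-sigs: a signed Release file pins the hash of the Packages index, which in turn pins the hash of each package. Assumptions: the Release text passed to `verify_chain` has already had its signature verified against the archive key (that step is not modelled), the `SHA256` field layout of current Release and Packages files is used, and all names, paths and payloads are constructed.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_repo(deb: bytes, deb_path: str, index_path: str):
    """What the master server does: derive Packages and Release from the package."""
    packages = (f"Package: hello\nVersion: 1.0\nFilename: {deb_path}\n"
                f"SHA256: {sha256(deb)}\n").encode()
    release = f"Suite: stable\nSHA256:\n {sha256(packages)} {len(packages)} {index_path}\n"
    return release, packages

def release_hashes(release: str) -> dict:
    """Parse the SHA256 section of a Release file into {path: (digest, size)}."""
    out, in_section = {}, False
    for line in release.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, size, path = line.split()
            out[path] = (digest, int(size))
        else:
            in_section = False
    return out

def package_hashes(packages: bytes) -> dict:
    """Parse Packages stanzas into {Filename: SHA256}."""
    out = {}
    for stanza in packages.decode().strip().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in stanza.splitlines() if ": " in l)
        out[fields["Filename"]] = fields["SHA256"]
    return out

def verify_chain(release, index_path, packages, deb_path, deb) -> str:
    """Check Release -> Packages -> .deb; release is assumed signature-verified."""
    if release_hashes(release).get(index_path) != (sha256(packages), len(packages)):
        return "index-mismatch"
    if package_hashes(packages).get(deb_path) != sha256(deb):
        return "package-mismatch"
    return "ok"

# Constructed sample data, not taken from any real archive.
DEB_PATH, INDEX = "pool/main/h/hello/hello_1.0_all.deb", "main/binary-i386/Packages"
GOOD, EVIL = b"constructed package payload", b"constructed tampered payload"
RELEASE, PACKAGES = build_repo(GOOD, DEB_PATH, INDEX)      # signed by the master
_, FORGED_PACKAGES = build_repo(EVIL, DEB_PATH, INDEX)     # rewritten on a mirror
M_RELEASE, M_PACKAGES = build_repo(EVIL, DEB_PATH, INDEX)  # master itself modified
```

A mirror that changes a package, or a package plus its Packages index, fails against the signed Release; content regenerated on the master passes every check, which is the limit the reply describes.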