On Fri, Jan 19, 2024 at 03:22:52PM +0000, Albretch Mueller wrote: > On 1/19/24, Max Nikulin <maniku...@gmail.com> wrote: > > Precise steps > > depend on degree of your paranoia. > > ... and mine is of the totally irrevocable, even joyful kind; so, > where are the steps? > > I have always believe that Debian’s basic assumptions about using the > Internet as a relatively secure, “private” venue are definitely more > worryingly irrational than my paranoia. > > I think at some point I will have to learn more about Debian’s apt > utility. Any documentation you would suggest explaining it all from > the protocoled structure of deb packages to the various installation > procedures depending on degree of paranoia? When I learn something I > like to learn all of it. >
What aspect? apt sits on top of package dependencies, package signing, package validation ... And apt succeeds / parallels aptitude and apt-get. Apt-get succeeded dselect which superseded dpkg commands. The base is still dpkg and keeping track of package dependencies in some sense. All the very best, Andy (amaca...@debian.org) Where do you _actually_ want to start > I tend to only mind what I am working on. I would just use an > unexposed computer and/or do things by hand/on paper if possible, but > you can’t do algorithmic simulations and tests by hand. > > lbrtchx > > On 1/19/24, Max Nikulin <maniku...@gmail.com> wrote: > > On 18/01/2024 12:45, Albretch Mueller wrote: > >> On 1/14/24, Max Nikulin wrote: > >>> Generally just pay attention that GPG keys for repositories are obtained > >>> through trusted channels. > >> > >> How do you functionally (that is, give me the step-by-step command > >> line statements, ... in order to) do that? > > > > Verify installation (or live) image to have initial keyring > > > > https://lists.debian.org/msgid-search/uobl6l$i21$1...@ciao.gmane.io > > Re: Correction to last message for Debian 11 and Debian 12. Thu, 18 Jan > > 2024 23:55:48 +0700. > > > > Optionally install necessary keyring packages. > > > > When adding a third-party repository, evaluate that GPG key you are > > going to add really belongs to repository maintainers. Precise steps > > depend on degree of your paranoia. >