[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [GNU-linux-libre] Help users to verify their downloads
From: |
Luke Shumaker |
Subject: |
Re: [GNU-linux-libre] Help users to verify their downloads |
Date: |
Tue, 19 Jun 2018 01:36:29 -0400 |
User-agent: |
Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (Gojō) APEL/10.8 EasyPG/1.0.0 Emacs/25.3 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) |
On Mon, 18 Jun 2018 10:11:12 -0400,
Andreas Grapentin wrote:
> Additionally, all packages downloaded using the system installed package
> manager are signed with a trusted set of maintainer keys, and packages
> without matching signatures are automatically rejected in the default
> configuration.
Additionally, even if the user disables GPG signature checking (tamper
detection), the package manager will still use sha256sum checking
(error detection).
--
Happy hacking,
~ Luke Shumaker