[LBo] Mint Linux
Troy
troythetechguy at gmail.com
Tue Aug 28 18:34:04 CEST 2007
> Even when a repository sign their packages, you don't "need" to check the
> signature to see if the packages are "mint" (pardon the pun ;0D).
>
> So, the goal of signing is very different from the "signed by Micro$oft".
Jisao,
Thanks for your response. If I understand correctly, signing is a way to
ensure the package is authentic (has not been hacked). By using Mint Linux,
who does not support signed packages in their repository, am I at a greater
risk for downloading and installing a hacked package?
Even if a repository signs their packages, is there still the possibility
the package could have been hacked, or is signing a package a guarantee the
package is authentic?
To help me put signing into terms I understand, is signing a package similar
to MD5 Sum?
Learning something new everyday!
Troy
More information about the QnA
mailing list