You are not logged in.
Pages: 1
Hi,
I did not find a proper forum, so I'll post this here - hoping a good-mood moderator may move it if need be...sorry for any inconvenience...
I read this article:
http://www.cs.arizona.edu/stork/package … agers.html
And now...I am worried.
How do I check security?
This is an extract for wikipedia's
Repository security
Arch Linux has been criticized for a lack of signed packages.[16] Packages and metadata are not verified for authenticity by Pacman during the download-install process. Without package authentication checking, tampered-with or malicious repository mirrors could compromise the integrity of a system.[17]
found at this page:
http://en.wikipedia.org/wiki/Arch_Linux#cite_note-16
What is actually true about this? Was it written by someone that knows what they're on about??
How do tweak Pacman to be safe? If it is'nt already, that is...
Arch is the VERRRY BEST distro I've come accross (tried some like RedHat, Fedora, Debian, Puppy, Ubuntu,...) and it completely fulfills my needs (and more)...it is my primary workbeast and Lady...
Hey, it is saturday morning, I'm still trying to wake up...
Wellness
Thor
Last edited by Thor@Flanders (2010-11-06 10:53:29)
Offline
This has been discussed ad nauseam, so here's some reading material:
https://wiki.archlinux.org/index.php/Pa … ge_signing
https://wiki.archlinux.org/index.php/Pa … for_Pacman
https://bugs.archlinux.org/task/5331
http://mailman.archlinux.org/pipermail/pacman-dev/
Last edited by ssri (2010-11-06 09:18:26)
Offline
Hi,
Tnx!
Wellness
Thor
Offline
Is this actually being implemented right now or just discussed?
Offline
Did you follow any of the links? Especially the one to the pacman-dev mailing list....
Offline
Pages: 1