#19
A start would be if developers started to GPG-sign their packages with debsig.

Then at least there would be some trace of where the backdoor or other type of Trojan horse came from.

It is a fact that people have installed and will keep installing deb-packages from outside of apt-repositories as well.

And we could have something else in /etc/dpkg/dpkg.cfg:

    # Do not enable debsig-verify by default; since the distribution is not using
    # embedded signatures, debsig-verify would reject all packages.
    no-debsig

MeeGo will hopefully fix this problem with the rpm package system, which usually takes signed packages for granted.

Last edited by zimon; 2010-12-21 at 18:33. Reason: Added a link how rpm package signing is initially set up for automatic signing.
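An added example (not part of zimon's post, and not dpkg or debsigs code): a Python check of the two things the post touches on, whether a .deb carries a debsigs-style embedded signature and whether dpkg.cfg still has no-debsig active. It assumes signatures are stored as extra ar members named _gpg<role> (for example _gpgorigin); the sample archives are constructed and the function names are hypothetical.

```python
AR_MAGIC = b"!<arch>\n"

def ar_members(data):
    """Return the member names of an ar archive (the container format of a .deb)."""
    if not data.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    names, pos = [], len(AR_MAGIC)
    while pos + 60 <= len(data):
        header = data[pos:pos + 60]          # fixed 60-byte member header
        if header[58:60] != b"`\n":
            raise ValueError(f"bad member header at offset {pos}")
        names.append(header[:16].decode("ascii").rstrip(" ").rstrip("/"))
        size = int(header[48:58].decode("ascii").strip())
        pos += 60 + size + (size & 1)        # member data is padded to even length
    return names

def embedded_signatures(data):
    """List signature members (assumed naming: _gpg<role>).

    Presence only shows that a signature is embedded; checking it against a
    keyring and policy is the job of debsig-verify, not of this function.
    """
    return [n for n in ar_members(data) if n.startswith("_gpg")]

def debsig_disabled(cfg_text):
    """True if the dpkg.cfg text has an active (uncommented) no-debsig line."""
    return any(line.strip() == "no-debsig" for line in cfg_text.splitlines())

def _member(name, payload):
    """Build one ar member; used only to construct the sample archives."""
    header = f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(payload):<10}"
    return header.encode("ascii") + b"`\n" + payload + (b"\n" if len(payload) % 2 else b"")

# Constructed sample input: placeholder payloads, not real packages or signatures.
UNSIGNED = (AR_MAGIC + _member("debian-binary", b"2.0\n")
            + _member("control.tar.gz", b"ctl") + _member("data.tar.gz", b"data"))
SIGNED = UNSIGNED + _member("_gpgorigin", b"constructed-placeholder-signature")
DPKG_CFG = """# Do not enable debsig-verify by default; since the distribution is not using
# embedded signatures, debsig-verify would reject all packages.
no-debsig
"""

if __name__ == "__main__":
    for label, deb in (("unsigned", UNSIGNED), ("signed", SIGNED)):
        print(label, ar_members(deb), "signatures:", embedded_signatures(deb))
    print("no-debsig active:", debsig_disabled(DPKG_CFG))
```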