1
I've been reading about why encryption is not normally deployed on the apt-get network activities. And learned that it checks the signature of the data that comes from the repo, right?
But now, how does this checking occurs? How is it done to be really safe? For example, if the file and the key are in the server and are sent in an unencrypted way, how would that work? Someone could modify both...
Thanks :)
Can you clarify how this question is different from your other one, http://superuser.com/questions/990129/buntu-integrity-check? Thanks.
– fixer1234 – 2015-10-22T06:10:46.977Sure @fixer1234 :) In the other one I am asking if I am (or anyone is), particularly safe when downloading an iso file through torrent (because I never heard of someone modifying a torrent that a lot of users already have), and then getting, let's say, the md5sum from the actual website to check the downloaded iso. And that because I don't want to download from the site that dont use encryption and also get directly from there the verification checksum... And this one is about the specific check done on APT. :) – None – 2015-10-22T13:25:56.730
I decided to delete the other question because I remembered that in fact the distro cited was not the one from the question (as I was not sure at the moment. I even said that "as far as I remember". But then the correct memory came up :) Now... I guess this approach described above, when it's the only option, is a good one. That's relatively more safe... – None – 2015-10-22T16:39:44.940