APT Secure is the working name of a project to add to APT the ability to verify the authenticity of Debian packages.
APT and its surrounding infrastructure contain a chain of trust from the developer to the end user. In versions prior to 0.6, this chain is not authenticated by the installing machine. APT Secure fixes that problem.
As of Christmas, 2003, the version of APT in experimental (0.6 and later) contains the APT Secure patch, with some changes. Simply apt-get install apt/experimental. Users of previous versions of APT Secure should remove the vendor annotations from their sources.list file, since these may now cause parse errors.
Note that this work is a separate project from that which seeks to add signatures to the .deb files themselves. More on that project can be found here.
| Next | ||
| Status |