Debian/Ubuntu security apt phun

Georgi Guninski guninski at guninski.com
Wed Dec 14 10:22:26 PST 2016


On Wed, Dec 14, 2016 at 12:04:00PM -0600, Shawn K. Quinn wrote:
> On 12/14/2016 11:50 AM, Razer wrote:
> > Download the .deb package and install. Assuming ofc apt IS installable
> > from a .deb file...IDK.
> 
> Yes, if you are that worried, manually verify the .deb and install it
> with dpkg.
>

This makes some sense.

What are the exact steps to verify .deb?

To my knowledge the signature of .deb is not contained in it like in say
.rpm and one needs hashes from a signed _other_ file, which make it PITA
to install on air gapped boxen. This info might be outdated.
 



More information about the cypherpunks mailing list