13 Sep 2002 gilbertt   » (Master)

daniels writes:

There are no signatures on individual .debs, so it's a security check to stop people hijacking servers, and redirecting the libc6 deb to a trojaned version, or the like. It's a deliberate omission.

How does not following redirects help, exactly? Surely the level of "hijack" required to add a redirect to the webserver configuration is just as high if not higher than that needed to replace the libc6 deb on the server itself.

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!