LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Validity checking - should be mandatory?

Validity checking - should be mandatory?

Posted Sep 18, 2008 4:51 UTC (Thu) by kripkenstein (subscriber, #43281)
In reply to: Validity checking - should be mandatory? by BenHutchings
Parent article: Adding a signing key to RPM

That makes sense, but I think I saw installation begin after a few of the downloaded files were corrupt. That is, apt-get might verify the signatures after downloading, but it doesn't first verify them all and only if they all pass then actually begin installation (or, at least verify that all dependents have been verified ).

That, or I really misanalyzed what was going on in that system - could be. But I did see the actual downloaded files were corrupt, and that installation did begin and only halted somewhere during that process.

(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds