checksums of packages
bruce.dubbs at gmail.com
Sun Aug 22 17:03:17 PDT 2010
> 2. This means it could be possible for some package to have
> false checksums on the whole internet?
> So you can't be absolutely sure that you have downloaded a package
> in the form the maintainer built it?
It's possible, but quite unlikely. It would be discovered and all over
the net pretty quickly. There are a lot of packages that have optional
crypto signatures too. See e.g. openssl.
More information about the blfs-support