Linux and Free Software :: Secure Apt



http://wiki.debian.org/SecureApt

Quote
Recently Debian's unstable and testing branches have begun to use strong crypto to validate downloaded packages. This is commonly called "secure apt" and was implemented in version 0.6. Since the documentation is fairly slim on how this all works from an administrator's point of view, this document will try to explain in detail how secure apt works and how to use it.


I didn't realize that Debian was migrating to gpg-signed packages to mitigate the problems of the soon-to-be-broken MD5 hashes. Anybody else heard of this, or have any more information?

Is this already standard on Etch or Sid?  Anybody?

debian devel list

Looks like they are talking about it, but it's not ready yet, or maybe I have misunderstood...

