|
@@ -86,7 +86,7 @@ update() {
|
|
|
# add new keys from the package;
|
|
# add new keys from the package;
|
|
|
|
|
|
|
|
# we do not use add_keys_with_verify_against_master_keyring here,
|
|
# we do not use add_keys_with_verify_against_master_keyring here,
|
|
|
- # because we "update" is run on regular package updates. A
|
|
|
|
|
|
|
+ # because "update" is run on regular package updates. A
|
|
|
# attacker might as well replace the master-archive-keyring file
|
|
# attacker might as well replace the master-archive-keyring file
|
|
|
# in the package and add his own keys. so this check wouldn't
|
|
# in the package and add his own keys. so this check wouldn't
|
|
|
# add any security. we *need* this check on net-update though
|
|
# add any security. we *need* this check on net-update though
|