Honestly, I wonder how many people here are going to worry about apt file signature verification while simultaneously running "bundle install" with a Gemfile containing 50 sources including random GitHub HEADs.
Is there an easy way to re-validate that previously installed .debs haven't been modified? Perhaps a script to at least check all the debs in the local apt archive cache? Also, does it really affect regular apt-get upgrades? "apt-get download" isn't a common way to run apt.
That feel when you see a Debian Security Advisory on the top of HN. Come on, guys, don't scare me to death. I thought this was going to be Heartbleed all over again.
Seeing this almost makes me want to switch back to Slackware for good. Using a Debian-based OS has made me lazy; I love the convenience of being able to apt-get whatever I want to install instead of downloading the source and building my own packages. But when you can't even trust the package manager on the most widespread* distro? Basically every single package on my system is now suspect (I did immediately upgrade apt but any damage is already done). *Speaking in terms of the number of derivatives that also use apt