Debian Security Advisory: DSA-3025-1 apt

Honestly, I wonder how many people here are going to worry about apt file signature verification while simultaneously running "bundle install" with a gemfile containing 50 sources including random github HEADs.

So... Debian users will need to grab security fixes for `apt-get` using... `apt-get`?

Anyone know how long these bugs have been around or if they have been exploited?

Is there an easy way to re-validate that previously installed .debs haven&#x27;t been modified? Perhaps a script to at least check all the debs in the local apt archive cache?<p>Also, does it really affect regular apt-get upgrades? &quot;apt-get download&quot; isn&#x27;t a common way to run apt.

That feel when you see a Debian Security Advisory on the top of HN. Common guys, don&#x27;t scare me to death. It thought this was going to be heartbleed all over again.

Seeing this almost makes me want to switch back to Slackware for good. Using a Debian based OS has made me lazy; I love the convenience of being able to apt-get whatever I want to install instead of downloading the source and building my own packages. But when you can&#x27;t even trust the package manager on the most widespread* distro? Basically every single package on my system is now suspect (I did immediately upgrade apt but any damage is already done).<p>*Speaking in terms of the number of derivatives that also use apt