summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPovilas Kanapickas <povilas@radix.lt>2022-08-06 15:43:46 +0300
committerPovilas Kanapickas <povilas@radix.lt>2022-08-06 15:43:46 +0300
commit5e4d241e273e32cfc72c80526e8951a767efaaeb (patch)
tree0074f795ff5bc1c55990425c7acb9b023962616e
parent2d87af57ea52cb37c60103abb6468e0ad44864ff (diff)
doc: Explain that apt-get download ensures package authenticity
The documentation currently does not specify whether `apt-get download` verifies the authenticity of downloaded packages or not. The underlying code does verify the authenticity of packages as usual and would fail if the package signature is invalid. Therefore it makes sense to make this guarantee explicit in the documentation, because without it security-conscious users will likely want to recheck the signatures or checksums manually which is not necessary in this case and just wastes time.
-rw-r--r--doc/apt-get.8.xml3
1 files changed, 2 insertions, 1 deletions
diff --git a/doc/apt-get.8.xml b/doc/apt-get.8.xml
index 9ecd10c19..895f24034 100644
--- a/doc/apt-get.8.xml
+++ b/doc/apt-get.8.xml
@@ -228,7 +228,8 @@
<varlistentry><term><option>download</option></term>
<listitem><para><literal>download</literal> will download the given
- binary package into the current directory.
+ binary package into the current directory. The authenticity of
+ the package data is ensured as usual.
</para></listitem>
</varlistentry>