On Thu, Mar 18, 2010 at 04:52:07PM -0700, Russ Allbery wrote: > You add an additional ar member that contains the signed checksums of all > of the files in data.tar.gz, possibly another additional member that > contains the signed checksums for control.tar.gz, or you document some > convention so that you can combine both into the same signed checksum > document. That'd work pretty well, indeed. It would also have the advantage of making it theoretically possible to reverse the addition of the signatures again, should one want to re-verify against the original .changes file for some reason. That's of course assuming that the combination of "ar a" and "ar d" in whatever way dpkg does that is idempotent, but I don't see why it couldn't be. And as you say, this can be implemented in dak. That would have the advantage of not requiring keys on the buildds. So now that it's been reduced to a technical problem, who's going to do the implementation? I'm prepared to look at a dpkg patch, but Python just does not work for me. > There are other implementation methods possible, but that's probably the > most obvious one. Yes, agreed. -- The biometric identification system at the gates of the CIA headquarters works because there's a guard with a large gun making sure no one is trying to fool the system. http://www.schneier.com/blog/archives/2009/01/biometrics.html
Attachment:
signature.asc
Description: Digital signature