Re: RFC: Signed packages and translations
On Sat, 1 Sep 2001, Christian Kurz wrote:
> > not be ascii armored since this would only introduce transmission overhead
> > and gain nothing. The file name for this file is constructed from the
> Why does it gain nothing? What about problems during transmission? The
> ascii armor output which is protected by a crc checksum would help
> notice such a transmission problem.
dpkg already has a mechanism for finding packages that have been corrupted
by transferring them in ASCII mode. I mean, the .tar.gz is already binary,
so why should the file following it be ASCII?
> > If the original filename is no more than sizeof(ar_name)-2 bytes long, ".s"
> > is appended to it. If it is longer, the part of the file name before the
> .s? Another new extension? If you want to achive confusion for our users
> and developers, that's a possible way to go. If you really don't want to
> use ascii armor, then the extension should be .sig or if you use
> ascii-armor then .asc.
The problem here is the filename length limit. I would have gone for
".sig" otherwise. Besides, you will only see those if you look at .deb
files directly.
> > - An end user can verify who built the .deb file.
> And how many developers does a end user personally know, so that he
> trust them? In my humble opinion, this will not gain anything for the
> end-users.
Point taken. I still would like to keep the maintainer's signature in the
archive, but that's optional as long as the packages are signed by
someone.
> > - Modify the autobuilders and existing developer scripts ("debsign") so
> > that they call dpkg-deb to sign the packages additionally to signing the
> > .changes file.
> Sign packages build by an auto-builder?
Of course. katie needs to verify that they were indeed created by an
"official" autobuilder.
Simon
--
GPG public key available from http://phobos.fs.tum.de/pgp/Simon.Richter.asc
Fingerprint: DC26 EB8D 1F35 4F44 2934 7583 DBB6 F98D 9198 3292
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
Reply to: