Re: [RFH] The need for signed packages and signed Releases (long, long)
On Wed, Nov 13, 2002 at 02:03:55AM +1100, Glenn McGrath wrote:
> On Tue, 12 Nov 2002 15:37:11 +0100
> Javier Fernández-Sanguino Peña <jfs@computer.org> wrote:
>
> > - accept signatures in packages when uploading to the archive.
>
> It would be convenient if the signature was a part of the package, so the
> package can be checked where ever it goes, it could be an extra file in
> the ar component of the deb.
This is already done and available in the debsigs package that I wrote for
Progeny (now maintained by Branden, it looks like). What's all this wheel
reinventing?
> It would only need to sign the control.tar.gz as the contents of the
> data.tar.gz could be verified from the ./md5sums within control.tar.gz
>
>
> Glenn
>
>
> --
> To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
Reply to: