[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [RFH] The need for signed packages and signed Releases (long, long)

On Wed, Nov 13, 2002 at 02:03:55AM +1100, Glenn McGrath wrote:
> On Tue, 12 Nov 2002 15:37:11 +0100
> Javier Fernández-Sanguino Peña <jfs@computer.org> wrote:
> 
> > - accept signatures in packages when uploading to the archive.
> 
> It would be convenient if the signature was a part of the package, so the
> package can be checked where ever it goes, it could be an extra file in
> the ar component of the deb.

This is already done and available in the debsigs package that I wrote for
Progeny (now maintained by Branden, it looks like).  What's all this wheel
reinventing?

> It would only need to sign the control.tar.gz as the contents of the
> data.tar.gz could be verified from the ./md5sums within control.tar.gz
> 
> 
> Glenn
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
Reply to: