Re: md5sums files
On Wed, Mar 03, 2010 at 03:14:04PM -0800, Russ Allbery wrote:
> Harald Braumann <email@example.com> writes:
> > Completely agreed. Also, because playing around is always more fun than
> > just talking, I've attached a script that signs/verifies binary
> > packages. Dpkg doesn't seem to mind the extra files.
> > This script signs each file in the package individually, but it could
> > also concatenate them all alphabetically and create just one signature.
> See debsigs.
Ah, thanks, good to know.
> There have been previous discussions on debian-devel about this. I
> believe DAK does not allow packages signed using debsigs to be uploaded.
> I'm not sure if that's out of objection to the entire concept, or whether
> there are just technical issues that need to be resolved first. (I
> probably would know if I had a better memory for the previous discussion,
> but unfortunately I appear to have recycled those brain cells.)
Maybe this ?
Also, it seems, that people have `discussed' it, and that there was
experimental support in dpkg for it . The proposal, that came out of
this discussion is outlined in . This was in 2000 ...
I haven't found any specific reasons why it was never implemented. I guess
the reason is just that it's hard to do. Not the technical side, but
defining the processes.