
Re: unofficial package repository and the bugs system



Fabrizio Polacco <fpolacco@icenet.fi> writes:

> Very nice, but it checks file integrity _after_ installation.
> What I was thinking was a system to check the _origin_ of each package,
> to be attached to each .deb 

I believe that is what Klee has in mind for the dpkgcert stuff - eventually
it will become a part of dpkg.
 
> As default we should have two keys: debian.org and non-us.debian.org

I don't think that is really necessary if we have the packages signed
by the maintainers, and distribute a maintainer key ring.  Plus, if we
do it that way, it is much easier to take a maintainer's packages out
of circulation if he/she violates our trust - just remove their key
from the keyring.

Cheers,

 - Jim
