Re: bsign-0.1.7, won't sign ssh and others

To: Ben Collins <bmc@visi.net>
Cc: Debian-Devel <debian-devel@lists.debian.org>
Subject: Re: bsign-0.1.7, won't sign ssh and others
From: Oscar Levi <elf@buici.com>
Date: Mon, 14 Dec 1998 12:59:03 -0800
Message-id: <[🔎] 19981214125902.H17178@hazel.buici.com>
In-reply-to: <[🔎] 19981214151841.F7724@visi.net>; from Ben Collins on Mon, Dec 14, 1998 at 03:18:41PM -0500
References: <[🔎] 19981214012036.B15760@hazel.buici.com> <[🔎] 19981214100746.G4973@visi.net> <[🔎] 19981214111523.F16780@hazel.buici.com> <[🔎] 19981214151841.F7724@visi.net>

On Mon, Dec 14, 1998 at 03:18:41PM -0500, Ben Collins wrote:
> Debs have md5sums in the .dsc which is in turn signed. I was interested in
> the actual file being signed internally some how to verify the
> maintainer's sig and that it is uncorrupt.

Let me get this clear: by signing only dsc files the only guarantee we
can make is that the package uploaded to master came from the claimed
author.  Hmm.  Are you sure?  When I create my packages, I sign twice.
I thought this was once for the dsc and once for the deb.

Reply to:

Follow-Ups:
- Re: bsign-0.1.7, won't sign ssh and others
  - From: Ben Collins <bmc@visi.net>

References:
- bsign-0.1.7, won't sign ssh and others
  - From: Oscar Levi <elf@buici.com>
- Re: bsign-0.1.7, won't sign ssh and others
  - From: Ben Collins <bmc@visi.net>
- Re: bsign-0.1.7, won't sign ssh and others
  - From: Oscar Levi <elf@buici.com>
- Re: bsign-0.1.7, won't sign ssh and others
  - From: Ben Collins <bmc@visi.net>

Prev by Date: Re: PREVIEW: bsign embeds hash and/or digital signature in ELF files
Next by Date: Re: DPLs : what do you think about ...
Previous by thread: Re: bsign-0.1.7, won't sign ssh and others
Next by thread: Re: bsign-0.1.7, won't sign ssh and others
Index(es):
- Date
- Thread