[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: bsign-0.1.7, won't sign ssh and others

On Mon, Dec 14, 1998 at 03:18:41PM -0500, Ben Collins wrote:
> Debs have md5sums in the .dsc which is in turn signed. I was interested in
> the actual file being signed internally some how to verify the
> maintainer's sig and that it is uncorrupt.

Let me get this clear: by signing only dsc files the only guarantee we
can make is that the package uploaded to master came from the claimed
author.  Hmm.  Are you sure?  When I create my packages, I sign twice.
I thought this was once for the dsc and once for the deb.

Reply to: