Re: Proposal: increasing mirror security

To: theDon@cs.ucc.ie
Cc: Debian Development Mailing List <debian-devel@lists.debian.org>
Subject: Re: Proposal: increasing mirror security
From: Brandon Mitchell <bhmit1@mail.wm.edu>
Date: Mon, 25 Jan 1999 10:58:55 -0500 (EST)
Message-id: <[🔎] Pine.LNX.3.96.990125105540.25226A-100000@wm7-214.resnet.wm.edu>
In-reply-to: <Pine.OSF.4.05.9901251520190.12846-100000@wisdom.ucc.ie>

[ hope you don't mind me cc'ing the list, but I think I didn't detail an
  important point. ]

On Mon, 25 Jan 1999, Vincent Murphy wrote:

>  i would favour another field in the .deb package format which contains a
> signature, which can be used by apt or whatever to verify that it is
> genuine.  however, i understand that modifying the package format isn't a
> viable solution where backward-compatability is a priority.

Ok, there could be a package by package basis.  I was going for the
simpler pgp signature of the entire Packages file itself.  Since the
packages file contains md5sums, there is a decent check on package by
package basis already in apt.

Thanks for seeing this,
Brandon

+---                                                              ---+
| Brandon Mitchell * bhmit1@mail.wm.edu * http://bhmit1.home.ml.org/ |
| The above is a completely random sequence of bits, any relation to |
|               an actual message is purely accidental.              |

Reply to:

Follow-Ups:
- Re: Proposal: increasing mirror security
  - From: Wichert Akkerman <wakkerma@cs.leidenuniv.nl>

Prev by Date: Re: dpkg --print-architecture [WAS: Release-critical Bugreport for January 25, 1999]
Next by Date: Re: Debian history timeline
Previous by thread: Re: Proposal: increasing mirror security
Next by thread: Re: Proposal: increasing mirror security
Index(es):
- Date
- Thread