Re: Proposal: increasing mirror security
[ hope you don't mind me cc'ing the list, but I think I didn't detail an
important point. ]
On Mon, 25 Jan 1999, Vincent Murphy wrote:
> i would favour another field in the .deb package format which contains a
> signature, which can be used by apt or whatever to verify that it is
> genuine. however, i understand that modifying the package format isn't a
> viable solution where backward-compatability is a priority.
Ok, there could be a package by package basis. I was going for the
simpler pgp signature of the entire Packages file itself. Since the
packages file contains md5sums, there is a decent check on package by
package basis already in apt.
Thanks for seeing this,
| Brandon Mitchell * firstname.lastname@example.org * http://bhmit1.home.ml.org/ |
| The above is a completely random sequence of bits, any relation to |
| an actual message is purely accidental. |