[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Proposal: increasing mirror security

[ hope you don't mind me cc'ing the list, but I think I didn't detail an
  important point. ]

On Mon, 25 Jan 1999, Vincent Murphy wrote:

>  i would favour another field in the .deb package format which contains a
> signature, which can be used by apt or whatever to verify that it is
> genuine.  however, i understand that modifying the package format isn't a
> viable solution where backward-compatability is a priority.

Ok, there could be a package by package basis.  I was going for the
simpler pgp signature of the entire Packages file itself.  Since the
packages file contains md5sums, there is a decent check on package by
package basis already in apt.

Thanks for seeing this,

+---                                                              ---+
| Brandon Mitchell * bhmit1@mail.wm.edu * http://bhmit1.home.ml.org/ |
| The above is a completely random sequence of bits, any relation to |
|               an actual message is purely accidental.              |

Reply to: