
Re: md5sums (was Re: System integrity...)

On Mon, 14 Jun 1999, Chris wrote:
> On Sun, Jun 13, 1999 at 03:46:42AM +0200, Martin Bialasinski wrote:
> <snip> 
> > CL> What is the criteria that determines which packages get .md5sums
> > CL> files stored in /var/lib/dpkg/info/ ??
> > 
> > The file is created during debian/rules binary by dh_md5sums or other
> > means.
> > 
> Yes...but I wasn't sure if there was policy requirement for this or not(?).
> Or is it just "a good thing"(TM)?
What is the current situation about signing binary packages with
Debian-developer PGP keys? I think all Debian packages should be signed in
some form (PGP, GPG). Would it be enough to sign packages with one's own
(developer) key when this key is in the debian-keyrings package, signed by the
official Debian key? Are there any security holes in this procedure?


Rene Mayrhofer, ViaNova KEG             NIC-HDL: RM1677-RIPE
Email: rmayr@vianova.at                 Snail: Penz 217, A-4441 Behamberg

PGP(DSS): E661 2E45 9B7F B239 D422  0A90 A4C2 DA09 F72F 6EC5
PGP(D/H): B77F 51A8 B046 87A6 4D61  2C5D 742F F433 6732 E4DC
PGP(RSA): 5D D4 FD A6 CE AF 4B 82  67 7F 59 89 58 CA 61 0D
GPG:      5E50 BDA0 E0B7 75A7 08AA  1123 0A4C 9474 CAA2 658B
