Official Debian digital 'branding' of debs

To: debian-devel@lists.debian.org
Subject: Official Debian digital 'branding' of debs
From: Gunnar.Isaksson@saab.se
Date: Fri, 18 Jun 1999 10:43:49 +0200
Message-id: <[🔎] 376A06C5.F365D0E1@saab.se>

Dear Sirs,

I have noticed that debian sources are PGP signed by their
package maintainers but the debian binaries are not signed.

Since I work in a very security aware environment I would
like every debian binary to also be PGP signed.

For this to be useful for an enduser like me an official
debian PGP signature could be added to every source and
binary package. I would then only have to make a signature
check against the official signature to prove that I am
dealing with an authentic package.

This official 'branding' could be done when moving packages
from incoming into the debian ftp tree.

Sorry if I sound paranoid but RedHat has their packages
PGP signed and it's a piece of cake to find out if I have
an official rpm or not. People at my work are seriously
considering RedHat instead of Debian just for this reason
even if they prefer the Debian Quality of software.


//Gunnar Isaksson

Reply to:

Follow-Ups:
- Re: Official Debian digital 'branding' of debs
  - From: Chris Lawrence <quango@watervalley.net>
- Re: Official Debian digital 'branding' of debs
  - From: Goswin Brederlow <goswin.brederlow@student.uni-tuebingen.de>
- Re: Official Debian digital 'branding' of debs
  - From: "James R. Van Zandt" <jrv@vanzandt.mv.com>

Prev by Date: Re: [comp.os.linux.announce] CIPE 1.3.0 - encrypting IP tunnel
Next by Date: Re: UK Unix Users Group --- Linux '99 Conference --- Next Weekend
Previous by thread: Re: libc5 to libc6
Next by thread: Re: Official Debian digital 'branding' of debs
Index(es):
- Date
- Thread