[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Official Debian digital 'branding' of debs

On Jun 21, John Hasler wrote:
> In the future we will have a fancy new dpkg with built-in security
> features.  Signing our packages seemed like something we could do now.  Oh
> well.

As has been pointed out here, we do sign md5sums of the packages on
upload (even when the autobuilders take a package).  Anything more
complex would require changes to dpkg (or dpkg-dev, if you're content
to have separate signature files), which I don't think anybody who
understands dpkg (admittedly, a small group, one that I am not a
member of I might add) wants to work on at the moment...

|         Chris Lawrence        |            Visit my home page!            |
|    <quango@watervalley.net>   |      http://www.lordsutch.com/chris/      |
|                               |                                           |
|    Grad Student, Pol. Sci.    |    Are you tired of politics as usual?    |
|   University of Mississippi   |             http://www.lp.org/            |

Reply to: