[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [ANNOUNCE] experiemental dpkg available



Ben Collins wrote:
> Known problems, each .deb signed requires you to enter your passphrase
> twice (once for each member), which get's really old after the second or
> third package. Any help with getting around this would be nice.

If you instead generated a file containing the md5sums of the control.tar
and data.tar, you could sign it and only need to sign things once. I suppose
this is just a little less secure, since a md5sum probably doesn't give an
many bits of checksum data as does a pgp signature. Still, we already use
this technique in .dsc files..

-- 
see shy jo


Reply to: