Re: Packages and Signatures, a summary
Marcus Brinkmann wrote:
> I disagree with this. dpkg should have some rudimentary support to verify a
> signature. I might want to use this feature on a machine where I don't have
> apt installed, or on a platform where apt is not ported to. If apt can
> support advanced features, that's nice, but dpkg is still our central
> packaging system, and should support all critical features.
That's why I said:
<joeyh> Culus: there is probably value in adding a switch to
dpkg that dumps out a package's sig.
<joeyh> no verification, no value judgements.
<Culus> joeyh: dpkg-deb I guess.
I'm not sure if Jason meant dpkg-deb should do this and not dpkg, or
that dpkg-deb is where the switch really should be _added_, to untimatly
add the capability to dpkg. I hope the latter.
dpkg can be also be used as a front-end to dpkg-deb. The
following are dpkg-deb actions, and if they are encoun
tered, dpkg just runs dpkg-deb with the parameters given
-X, --vextract, and
see shy jo