[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages and Signatures, a summary

Marcus Brinkmann wrote:
> I disagree with this. dpkg should have some rudimentary support to verify a
> signature. I might want to use this feature on a machine where I don't have
> apt installed, or on a platform where apt is not ported to. If apt can
> support advanced features, that's nice, but dpkg is still our central
> packaging system, and should support all critical features.

That's why I said:

<joeyh> Culus: there is probably value in adding a switch to
        dpkg that dumps out a package's sig.
<joeyh> no verification, no value judgements.
<Culus> joeyh:  dpkg-deb I guess.

I'm not sure if Jason meant dpkg-deb should do this and not dpkg, or
that dpkg-deb is where the switch really should be _added_, to untimatly 
add the capability to dpkg. I hope the latter.

       dpkg can be also be used as a front-end to dpkg-deb.   The
       following  are  dpkg-deb  actions, and if they are encoun­
       tered, dpkg just runs dpkg-deb with the  parameters  given
       to it:
           -b, --build,
           -c, --contents,
           -I, --info,
           -f, --field,
           -e, --control,
           -x, --extract,
           -X, --vextract, and
           --fsys-tarfile.

-- 
see shy jo
Reply to: