[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages and signatures

On Sat, Jan 20, 2001 at 07:31:43AM +0100, Goswin Brederlow wrote:
> Sign the Packages files, which contain the md5sum.
> That could be done on a more secure server than the autobuilder.

The Problem with this is, that the package file is almost never in sync with
the content of the archive. And verifying a once downloaded package is not
posible if there is a change on the ftp server if you dont keep a copy of
the package file with each .deb.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
Reply to: