Re: Secure apt-get
On 19 Jan 2001 13:04:34 -0500, John Goerzen <jgoerzen@progenylinux.com> wrote:
> I have been working with Ben Collins on this project already. You may
> find some documentation -- albeit somewhat out-of-date -- on this at
> the URLs below. The software is already written and will be showing
> up in Debian this weekend.
>
> My draft spec:
>
> gopher://gopher.quux.org:70/9/devel/debian/debsigs.ps (PostScript)
> gopher://gopher.quux.org:70/0/devel/debian/debsigs.txt (Plain Text)
Hi,
I finally got around to reading this, and I have one concern: It seems
with this scheme you need to extract the components in order to decide
if two .debs are the same, since adding signatures changes their
lengths/md5sums. For example, Corel puts out a foo_1_i386.deb, how do
I find out if it's the same as one in Debian proper? Will we be
seeing a debcmp utility?
-itai
Reply to: