
Re: Secure apt-get



On 19 Jan 2001 13:04:34 -0500, John Goerzen <jgoerzen@progenylinux.com> wrote:
> I have been working with Ben Collins on this project already.  You may
> find some documentation -- albeit somewhat out-of-date -- on this at
> the URLs below.  The software is already written and will be showing
> up in Debian this weekend.
> 
> My draft spec:
> 
> gopher://gopher.quux.org:70/9/devel/debian/debsigs.ps   (PostScript)
> gopher://gopher.quux.org:70/0/devel/debian/debsigs.txt  (Plain Text)

Hi,

I finally got around to reading this, and I have one concern: It seems
with this scheme you need to extract the components in order to decide
if two .debs are the same, since adding signatures changes their
lengths/md5sums.  For example, Corel puts out a foo_1_i386.deb, how do
I find out if it's the same as one in Debian proper?  Will we be
seeing a debcmp utility?

-itai
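
The comparison a `debcmp`-style tool could make, as an added example that is not part of the original message or of the debsigs software: hash the ar members of each .deb while skipping signature members. It assumes signatures are stored as extra ar members whose names start with `_gpg`; the function names are hypothetical, SHA-256 stands in for md5sum, and the archives are constructed sample data.

```python
import hashlib

AR_MAGIC = b"!<arch>\n"
SIG_PREFIX = "_gpg"  # assumption: signature members are named _gpg<role>

def ar_members(blob):
    """Yield (name, data) for each member of an ar archive held in bytes."""
    if blob[:8] != AR_MAGIC:
        raise ValueError("not an ar archive")
    pos = 8
    while pos < len(blob):
        header = blob[pos:pos + 60]
        if len(header) < 60 or header[58:60] != b"`\n":
            raise ValueError("corrupt ar member header at offset %d" % pos)
        name = header[:16].decode("ascii").rstrip(" ").rstrip("/")
        size = int(header[48:58].decode("ascii").strip())
        data = blob[pos + 60:pos + 60 + size]
        if len(data) != size:
            raise ValueError("truncated member %r" % name)
        yield name, data
        pos += 60 + size + (size & 1)  # member data is padded to an even offset

def content_digest(blob):
    """SHA-256 over non-signature members: name, size and data, not timestamps."""
    h = hashlib.sha256()
    for name, data in ar_members(blob):
        if name.startswith(SIG_PREFIX):
            continue
        h.update(("%s\0%d\0" % (name, len(data))).encode("ascii"))
        h.update(data)
    return h.hexdigest()

def same_package(a, b):
    return content_digest(a) == content_digest(b)

def build_ar(members):
    """Build a constructed sample archive from (name, data) pairs."""
    out = AR_MAGIC
    for name, data in members:
        hdr = "%-16s%-12d%-6d%-6d%-8s%-10d" % (name, 0, 0, 0, "100644", len(data))
        out += hdr.encode("ascii") + b"`\n" + data + (b"\n" if len(data) & 1 else b"")
    return out

# Constructed sample data, not real packages.
BASE = [("debian-binary", b"2.0\n"), ("control.tar.gz", b"ctl"), ("data.tar.gz", b"payload!")]
UNSIGNED = build_ar(BASE)
SIGNED = build_ar(BASE + [("_gpgorigin", b"constructed signature bytes")])
TAMPERED = build_ar(BASE[:2] + [("data.tar.gz", b"PAYLOAD!")])
```

A match here only shows that the non-signature members are byte-identical; it says nothing about whether any attached signature is valid, which still has to be verified separately.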


