Re: Secure apt-get
Itai Zukerman <zukerman@math-hat.com> writes:
> > gopher://gopher.quux.org:70/9/devel/debian/debsigs.ps (PostScript)
> > gopher://gopher.quux.org:70/0/devel/debian/debsigs.txt (Plain Text)
>
> Hi,
>
> I finally got around to reading this, and I have one concern: It seems
> with this scheme you need to extract the components in order to decide
> if two .debs are the same, since adding signatures changes their
> lengths/md5sums. For example, Corel puts out a foo_1_i386.deb, how do
That is correct.
> I find out if it's the same as one in Debian proper? Will we be
> seeing a debcmp utility?
I could trivially add a feature to debsigs to spit out md5sums of each
individual component, which you could then use for comparisons. Or do
comparisons of the type you want itself.
-- John
--
John Goerzen <jgoerzen@complete.org> www.complete.org
Sr. Software Developer, Progeny Linux Systems, Inc. www.progenylinux.com
#include <std_disclaimer.h> <jgoerzen@progenylinux.com>
Reply to: