Re: packages authenticity

To: Guus Sliepen <guus@warande3094.warande.uu.nl>, debian-devel@lists.debian.org
Subject: Re: packages authenticity
From: Stefan Alfredsson <stefan@alfredsson.org>
Date: Mon, 2 Apr 2001 16:02:14 +0200
Message-id: <[🔎] 20010402160214.A17999@sa-pc.cs.kau.se>
In-reply-to: <20010330151407.A12798@sliepen.warande.net>; from guus@warande3094.warande.uu.nl on Fri, Mar 30, 2001 at 03:14:07PM +0200
References: <20010330145653.B13330@toma@rulez.org> <20010330151407.A12798@sliepen.warande.net>

Quoting Guus Sliepen <guus@warande3094.warande.uu.nl> [30 Mar-01 15:22]:
> On Fri, Mar 30, 2001 at 02:56:53PM +0200, Tamas SZERB wrote:
> > Hi, I was wondering it there is any authenticity checking for the debian
> > package, because we signed the md5sum file with our gpg/pgp key, but how can
> > the user to make sure if these signs belogs to the valid package maintainer?
> Well the user can get the key from the public key servers and run gpg/pgp on it.

or apt-get install debian-keyring, to get every developer sigs at one
time :)

/Stefan

Reply to:

Follow-Ups:
- Re: packages authenticity
  - From: Taral <taral@taral.net>

Prev by Date: Re: RFC: new update-inetd
Next by Date: Re: RFC: new update-inetd
Previous by thread: Re: Sid and shared libraries...
Next by thread: Re: packages authenticity
Index(es):
- Date
- Thread