[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: packages authenticity

Quoting Guus Sliepen <guus@warande3094.warande.uu.nl> [30 Mar-01 15:22]:
> On Fri, Mar 30, 2001 at 02:56:53PM +0200, Tamas SZERB wrote:
> > Hi, I was wondering it there is any authenticity checking for the debian
> > package, because we signed the md5sum file with our gpg/pgp key, but how can
> > the user to make sure if these signs belogs to the valid package maintainer?
> Well the user can get the key from the public key servers and run gpg/pgp on it.

or apt-get install debian-keyring, to get every developer sigs at one
time :)


Reply to: