Re: packages authenticity

To: Stefan Alfredsson <stefan@alfredsson.org>
Cc: Guus Sliepen <guus@warande3094.warande.uu.nl>, debian-devel@lists.debian.org
Subject: Re: packages authenticity
From: Taral <taral@taral.net>
Date: Mon, 2 Apr 2001 13:43:18 -0500
Message-id: <[🔎] 20010402134318.E3037@yeenoghu.cs.utexas.edu>
In-reply-to: <[🔎] 20010402160214.A17999@sa-pc.cs.kau.se>; from stefan@alfredsson.org on Mon, Apr 02, 2001 at 04:02:14PM +0200
References: <[🔎] 20010402160214.A17999@sa-pc.cs.kau.se>

On Mon, Apr 02, 2001 at 04:02:14PM +0200, Stefan Alfredsson wrote:
> Quoting Guus Sliepen <guus@warande3094.warande.uu.nl> [30 Mar-01 15:22]:
> > On Fri, Mar 30, 2001 at 02:56:53PM +0200, Tamas SZERB wrote:
> > > Hi, I was wondering it there is any authenticity checking for the debian
> > > package, because we signed the md5sum file with our gpg/pgp key, but how can
> > > the user to make sure if these signs belogs to the valid package maintainer?
> > Well the user can get the key from the public key servers and run gpg/pgp on it.
> 
> or apt-get install debian-keyring, to get every developer sigs at one
> time :)

That was quite out of date last I checked.

Taral

Reply to:

References:
- Re: packages authenticity
  - From: Stefan Alfredsson <stefan@alfredsson.org>

Prev by Date: Re: RFC: new update-inetd
Next by Date: postinst freeze?
Previous by thread: Re: packages authenticity
Next by thread: (off-topic)Re: Security trough paranoia
Index(es):
- Date
- Thread