Hi everyone, I am worried because binary security updates in security.debian.org are difficult to verify via md5sum/GPG sign (I am thinking in writing a script to download/verify them automaticaly before install them and tripwiring them) It could be easy to have a package.sig GPG separate signature file of every deb, or at least the package.changes which is already signed and has the md5sum of the deb An alternative less atractive is to have Packages file (which has md5sums of packages) signed in a separate file (Packages.sig) Sources updates already have a signed package.dsc file containing md5sum per file, why binarys do not? Best regards, -- ------------------------------------------------- Manel Marin e-mail: manel3@apdo.com Linux Powered (Debian 2.2 potato) kernel 2.4.5 GnuPG keyID: F9BC34B5 en certserver.pgp.com fingerprint: 2F60 43D5 A297 5458 9067 5A50 0029 9C8D F9BC 34B5 Mira mis chuletas de Linux en http://perso.wanadoo.es/manel3 ------------------------------------------------- Mi petición de drivers para Linux es la nº 33126 (Pasate por http://www.libranet.com/petition.html ;-)
Attachment:
pgpXjpneLhOy1.pgp
Description: PGP signature