[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debsig (Was Re: Apt-get is insecure)

On Thu, Dec 13, 2001 at 05:00:09PM +0100, J.H.M. Dassen (Ray) wrote:
> On Thu, Dec 13, 2001 at 16:49:07 +0100, Wichert Akkerman wrote:
> > Previously Alan James wrote:
> > > don't you mean debsig-verify ?
> > Hmm, possibly :)
> Speaking of which, how is a developer supposed to configure the development
> tools to include this type of signature in the .debs?

BTW, in case any is wondering exactly what else we need on policy side
to use debsigs/debsig-verify. Mainly it boils down to a signature policy
(not to be confused with a Debian Signing policy), which is in XML
format for debsig-verify to use.

I have a quite simple one already, and a proposal for us to use them
sanely (as maintainers, and for the archive). I'm just waiting for woody
to get out of the way first. No reason to complicate the release cycle
by introducing yet another tool that maintainers can break woody with.


/                   Ben Collins    --    Debian GNU/Linux                  \
`  bcollins@debian.org  --  bcollins@openldap.org  --  bcollins@linux.com  '

Reply to: