Package verification

To: debian-devel@lists.debian.org
Subject: Package verification
From: David Findlay <david_j_findlay@yahoo.com.au>
Date: Wed, 13 Feb 2002 20:33:42 +1000
Message-id: <[🔎] 3n7zzB.A.a1.sEka8@murphy>
Reply-to: david_j_findlay@yahoo.com.au

I'm working(among other things) on a way download packages(binary or source) 
from a P2P network such as giFT openft. This isn't a good idea if you can't 
verify that the package you are getting was actually created by the 
maintainer of the package, or someone authorised to do NMUs. Is there 
currently a good way to do it, and when will it be used? I was told by 
someone that debsign-verify isn't a good thing. I'm not convinced the md5sums 
are good enough. Thanks,

David

Reply to:

Follow-Ups:
- Re: Package verification
  - From: Wichert Akkerman <wichert@wiggy.net>

Prev by Date: Re: Bug#133649: ITP: cm-super -- cm-super is a collection of Type1 fonts. .
Next by Date: Re: building mutt SSL deb package (configure error)
Previous by thread: Bug#133698: ITP: maketool -- simple GTK+ based GUI front end for GNU make
Next by thread: Re: Package verification
Index(es):
- Date
- Thread