Re: [RFH] The need for signed packages and signed Releases (long, long)

To: Javier.Fern@mail013.syd.optusnet.com.au
Cc: debian-devel@lists.debian.org
Subject: Re: [RFH] The need for signed packages and signed Releases (long, long)
From: Glenn McGrath <bug1@optushome.com.au>
Date: Wed, 13 Nov 2002 02:03:55 +1100
Message-id: <[🔎] 20021113020355.5e370f2f.bug1@optushome.com.au>
In-reply-to: <[🔎] 20021112143711.GA6850@dat.etsit.upm.es>
References: <[🔎] 20021112143711.GA6850@dat.etsit.upm.es>

On Tue, 12 Nov 2002 15:37:11 +0100
Javier Fernández-Sanguino Peña <jfs@computer.org> wrote:

> - accept signatures in packages when uploading to the archive.

It would be convenient if the signature was a part of the package, so the
package can be checked where ever it goes, it could be an extra file in
the ar component of the deb.

It would only need to sign the control.tar.gz as the contents of the
data.tar.gz could be verified from the ./md5sums within control.tar.gz


Glenn

Reply to:

Follow-Ups:
- Re: [RFH] The need for signed packages and signed Releases (long, long)
  - From: John Goerzen <jgoerzen@complete.org>
- Re: [RFH] The need for signed packages and signed Releases (long, long)
  - From: Alexander Neumann <alexander@debian.org>
- Re: [RFH] The need for signed packages and signed Releases (long, long)
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>

References:
- [RFH] The need for signed packages and signed Releases (long, long)
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>

Prev by Date: Re: Discussion - non-free software removal
Next by Date: Re: Bug#168788: ITP: openoffice.org-debian-files -- OpenOffice.org office uite (additional files by Debian)
Previous by thread: [RFH] The need for signed packages and signed Releases (long, long)
Next by thread: Re: [RFH] The need for signed packages and signed Releases (long, long)
Index(es):
- Date
- Thread