Re: [RFH] The need for signed packages and signed Releases (long, long)

To: debian-devel@lists.debian.org
Subject: Re: [RFH] The need for signed packages and signed Releases (long, long)
From: Alexander Neumann <alexander@debian.org>
Date: Tue, 12 Nov 2002 16:21:56 +0100
Message-id: <[🔎] 20021112152156.GH12307@bumpern.de>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20021113020355.5e370f2f.bug1@optushome.com.au>
References: <[🔎] 20021112143711.GA6850@dat.etsit.upm.es> <[🔎] 20021113020355.5e370f2f.bug1@optushome.com.au>

Hi,

Glenn McGrath wrote:
> It would only need to sign the control.tar.gz as the contents of the
> data.tar.gz could be verified from the ./md5sums within control.tar.gz

That's true, but AFAIR the md5sums-file is optional. If we want to use
it to verify the contents of data.tar.gz it must be required by the
policy.

- Alexander

-- 
"fighting for peace is like fucking for virginity"

Attachment: pgpWeXBUVvvr8.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: [RFH] The need for signed packages and signed Releases (long, long)
  - From: Adam Heath <doogie@debian.org>

References:
- [RFH] The need for signed packages and signed Releases (long, long)
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Re: [RFH] The need for signed packages and signed Releases (long, long)
  - From: Glenn McGrath <bug1@optushome.com.au>

Prev by Date: Re: [RFH] The need for signed packages and signed Releases (long, long)
Next by Date: Re: Discussion - non-free software removal
Previous by thread: Re: [RFH] The need for signed packages and signed Releases (long, long)
Next by thread: Re: [RFH] The need for signed packages and signed Releases (long, long)
Index(es):
- Date
- Thread