[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [RFH] The need for signed packages and signed Releases (long, long)

On Tue, Nov 12, 2002 at 09:20:42AM -0600, John Goerzen wrote:
> On Wed, Nov 13, 2002 at 02:03:55AM +1100, Glenn McGrath wrote:
> > On Tue, 12 Nov 2002 15:37:11 +0100
> > Javier Fernández-Sanguino Peña <jfs@computer.org> wrote:
> > 
> > > - accept signatures in packages when uploading to the archive.
> > 
> > It would be convenient if the signature was a part of the package, so the
> > package can be checked where ever it goes, it could be an extra file in
> > the ar component of the deb.
> This is already done and available in the debsigs package that I wrote for
> Progeny (now maintained by Branden, it looks like).  What's all this wheel
> reinventing?

I am currently playing with debsigs. What is meant by 'type' for the --sign
option? I tried 'foo' and 'deb', I get signatures into the deb as can be seen
with ar tf, but debsig-verify says there are no signatures. The 'type'
ends up in the filename of the signature.

This should be better documented.

Oh my, the stars!
       me, first time I stared at the night sky with my new contact lenses

Attachment: pgpJaeLSV99I0.pgp
Description: PGP signature

Reply to: