Re: [RFH] The need for signed packages and signed Releases (long, long)
On Sat, 16 Nov 2002, Anthony Towns wrote:
> On Fri, Nov 15, 2002 at 11:13:15AM -0500, Colin Walters wrote:
> > Just a note, Isaac Jones <ijones@syntaxpolice.org> and I have been
> > working on this a bit. Right now we have made apt download the toplevel
> > Release file, and we're currently battling libgpgme.
>
> If you've done this, Jason's been lusting after something that'll make
> apt's progress bar work correctly for downloading Packages files for years
> now. Making this bit work at least should be an easy fix, and might get
> CVS at least half way there...
Yeah, it's not too hard that part. The hard part is ensuring that nothing
leaks out before having been checked by a release file under any
circumstance..
There is also already a GPG signature checker for apt, the Conectiva
folks wrote it, I have a copy someplace..
Jason