Re: [RFH] The need for signed packages and signed Releases (long, long)

To: debian-devel@lists.debian.org
Cc: debian-devel@lists.debian.org
Subject: Re: [RFH] The need for signed packages and signed Releases (long, long)
From: Jason Gunthorpe <jgg@debian.org>
Date: Fri, 15 Nov 2002 12:37:58 -0700 (MST)
Message-id: <[🔎] Pine.LNX.3.96.1021115123656.20550A-100000@wakko.debian.net>
In-reply-to: <[🔎] 20021115183812.GA18631@azure.humbug.org.au>

On Sat, 16 Nov 2002, Anthony Towns wrote:

> On Fri, Nov 15, 2002 at 11:13:15AM -0500, Colin Walters wrote:
> > Just a note, Isaac Jones <ijones@syntaxpolice.org> and I have been
> > working on this a bit.  Right now we have made apt download the toplevel
> > Release file, and we're currently battling libgpgme.
> 
> If you've done this, Jason's been lusting after something that'll make
> apt's progress bar work correct for downloading Packages files for years
> now. Making this bit work at least should be an easy fix, and might get
> CVS at least half way there...

Yeah, it's not too hard that part. The hard part is ensuring that nothing
leaks out before having been checked by a release file under any
circumstance..

There is also already a GPG signature checker for apt, the connectiva
folks wrote it, I have a copy someplace..

Jason

Reply to:

References:
- Re: [RFH] The need for signed packages and signed Releases (long, long)
  - From: Anthony Towns <aj@azure.humbug.org.au>

Prev by Date: Re: Discussion - non-free software removal
Next by Date: Re: URLs on debian.org/distrib/packages pages
Previous by thread: Re: [RFH] The need for signed packages and signed Releases (long, long)
Next by thread: Re: [RFH] The need for signed packages and signed Releases (long, long)
Index(es):
- Date
- Thread