I'm releasing these things now... have them in development and use for a couple weeks/months now. A Python module for doing debsigs-type package signatures and verification thereof. Uses and included module for GnuPG file signatures and verification. It also includes a miniscript that, given a .changes file, signs the .deb, the .dsc and the .changes file (with the md5s in .changes adjusted). jerhard.org/files/python-debsigs-snapshot.tar.gz This one is infrastructure for verification of packages based on Release/Release.gpg. jerhard.org/files/verifydebs-snapshot.tar.gz Both are a bit underdocumented (meaning: no docs at all), so Use the Source, Luke. Hope someone will like it. I do ;-) I'm also *very* much interested in finding out what is insecurely done. It could be improved by using the Python gpgme wrapper. Any patches are *very* welcome! Bye, J PS: Yes, a crosspost, but both packages are linked (verifydebs uses python-debsigs), and both have stuff for developers and users. Flame me anyway, if you must ;-) -- Jürgen A. Erhard Invasion! http://invasion.jerhard.org I'm a FIG (http://www.fig.org) Ach, wir Paranoiker sind schon irgendwie verrückt.
Description: PGP signature