[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Package signatures tools

On Fri, Jul 11, 2003 at 05:47:10PM +0200, J?rgen A.Erhard wrote:
> I'm releasing these things now... have them in development and use for
> a couple weeks/months now.
> A Python module for doing debsigs-type package signatures and
> verification thereof.  Uses and included module for GnuPG file
> signatures and verification.

Also, I think using any scripted tool to do the verification is asking
for security holes. It pulls in too many variables on which verification
needs to depend. The debsigs-verify tool does the verification and xml
parsing all in one C program.

What did you find wrong with the current tools already available and
documented? The only thing they need is policy to get them going. Dpkg
can already call debsig-verify to validate a package. It just needs to
be turned on.

Debian     - http://www.debian.org/
Linux 1394 - http://www.linux1394.org/
Subversion - http://subversion.tigris.org/
Deqo       - http://www.deqo.com/

Reply to: