Re: dpkg-sig: sign binary debian archive files
On Sat, Dec 27, 2003 at 07:58:28PM +0100, Andreas Barth wrote:
> * Ben Collins (firstname.lastname@example.org) [031227 17:10]:
> > On Sat, Dec 27, 2003 at 09:49:33AM +0100, Andreas Barth wrote:
> > > we discussed here and elsewhere signatures on binary debian archive
> > > files. dpkg-sig is capable of creating and verifying these signatures.
> > > It has been uploaded to the archive, but due to the current
> > > non-processing of NEW it'll take some time till it is available.
> > >
> > > The latest development version is always available at
> > > deb http://dpkg-sig.turmzimmer.net/dpkg-sig/ ./
> > > deb-src http://dpkg-sig.turmzimmer.net/dpkg-sig/ ./
> > What's the difference between this and the tools that already existed?
> This tools signs binary debian archive files (i.e. *.deb), and not
> .changes and .dsc-files. So, there's only one existing tool at the
> moment, debsigs.
Somebody should probably highlight the differences between the
this and the signature checking in apt 0.6.
I gather this is per deb package, where the stuff in apt 0.6 is per
What are the pros/cons of each method?
Also, how does dpkg-sig compare with debsigs?
Brian May <email@example.com>