[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dpkg-sig: sign binary debian archive files

On Sat, Dec 27, 2003 at 07:58:28PM +0100, Andreas Barth wrote:
> * Ben Collins (bcollins@debian.org) [031227 17:10]:
> > On Sat, Dec 27, 2003 at 09:49:33AM +0100, Andreas Barth wrote:
> > > we discussed here and elsewhere signatures on binary debian archive
> > > files. dpkg-sig is capable of creating and verifying these signatures.
> > > It has been uploaded to the archive, but due to the current
> > > non-processing of NEW it'll take some time till it is available.
> > > 
> > > The latest development version is always available at
> > > deb http://dpkg-sig.turmzimmer.net/dpkg-sig/ ./
> > > deb-src http://dpkg-sig.turmzimmer.net/dpkg-sig/ ./
> 
> > What's the difference between this and the tools that already existed?
> 
> This tools signs binary debian archive files (i.e. *.deb), and not
> .changes and .dsc-files. So, there's only one existing tool at the
> moment, debsigs.

Somebody should probably highlight the differences between the
this and the signature checking in apt 0.6.

I gather this is per deb package, where the stuff in apt 0.6 is per
archive.

What are the pros/cons of each method?

Also, how does dpkg-sig compare with debsigs?
-- 
Brian May <bam@debian.org>
Reply to: