
Re: dpkg-sig: sign binary debian archive files

On Sunday 28 December 2003 16:17, Andreas Barth wrote:
> similar. I remember also a discussion with doogie about "make it in an
> extra package or as part of dpkg (source package)?" where I got
> something like: Show usable code in an extra package, and if it works
> (and is actually used), it's possible to move that to dpkg later on.

Perhaps that had been discussed before; that patch [1] had been introduced 
and merged. As far as I can see it is in the dpkg src tree and interacts with the 
package of debsig-verify and is also described in securing-debian-howto.

> So, for me the situation is this:
> - If the dpkg-maintainers ask me to change name I'll of course do this.
> - I'll try to move the code to src:dpkg if dpkg-sig is really used
>   (which I assume and hope); otherwise, we won't need an unused
>   package in the archive.

As I understand, this is an alternative to the above patch+debsig-verify story. 
Isn't it a little bit confusing to have 2 methods for per-deb signing?

The situation with apt (treating the per-distribution-releases) is almost 
similar, or there are some differences between apt-check-sigs [2] and the 
changes applied to apt-0.6.x apt-0.5.17 branches.

> I hope this is ok.

Positive. I (personally) like your code, but reading the relevant part of 
securing-debian-howto and looking at the debian archives I still see 2 
options available for "per-deb" and 2 options available for "per-archive" 
signaturing. Debian has been missing that sigs story for years, but presently 
there is an avalanche of such code introduced ... now what ... voting?

[1] http://lists.debian.org/debian-dpkg/2001/debian-dpkg-200103/msg00024.html
[2] http://people.debian.org/~ajt/apt-check-sigs
pub  4096R/0E4BD0AB 2003-03-18 <keyserver.bu.edu>
1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB 
