Re: dpkg-sig: sign binary debian archive files
On Monday 29 December 2003 14:56, Andreas Barth wrote:
> * George Danchev (danchev@spnet.net) [031228 21:25]:
> > > No. The verification capabilities of dpkg-sig are aequivalent to the
> > > package extraction capabilities of dpkg-deb - very usefull if one
> > > needs such a thing, but not the default usage in daily operation. For
> > > the everyday signature verification I recommend a more high-level tool
> > > than dpkg-sig.
> >
> > Good. Please describe this in your policy.html for further references...
> > and your suggestions for the high-level tools for daily usage too ...
>
> Well, policy is IMHO not the right place, but I started with
> http://dpkg-sig.turmzimmer.net/faq.html and put there snippets from
> this thread.
Thanks. That will help to clear up the situation. I suggest to split out the
paragraph of "When and if dpkg-sig is liked and accepted by the community,
than the next changes ..." into separate one named something like "Other
packages to change" and to try to follow the status of these changes if any.
I saw your submition of the patch to dpkg-buildpackage ... which will make
the things transperant for others like cvs-buildpackage which will call the
patched dpkg-buildpackage...
I'm really interesting to read some bits from dpkg developers about accepting
dpkg-sig (and possibly dscverify) into dpkg/scripts/ tree.
Hm, shouldn't dpkg-sig Depend: on devscripts now?
--
pub 4096R/0E4BD0AB 2003-03-18 <keyserver.bu.edu>
1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB
Reply to: