
Re: dpkg-sig support wanted?



* Marc Brockschmidt:

> Today (or last night, whatever), the dak installation on ftp-master was
> changed to not accept packages that include more than 3 parts, which are
> usually the binary version and the compressed control and data
> tarballs. This means that signed binary packages are rejected.

This is a pity.  I think dpkg-sig is an important step in the right
direction: providing more assurances about package integrity to our
users.

I'm confused about the status of the dak change, though.  The dak
mirror on merkel does not show any modifications of the jennifer script
since May 31.  The diff at
<http://cvs.debian.org/dak/jennifer?root=dak&r1=1.56&r2=1.57> shows
that the additional check was *removed*, not *added* more than a week
ago.  Therefore, the dak CVS does not reflect what's actually in
production use.

Since there is no way for Debian Developers to review the way Debian
packages are created (and it's totally out of the question for end users),
something that provides DD-to-user package signatures at least in some
cases is very desirable indeed.


