[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dpkg-sig support wanted?

* Marc Brockschmidt:

> Today (or last night, whatever), the dak installation on ftp-master was
> changed to not accept packages that include more than 3 parts, which are
> usually the binary version and the compressed control and data
> tarballs. This means that signed binary packages are rejected.

This is a pity.  I think dpkg-sig is an important step into the right
direction: providing more assurances about package integrity to our

I'm confused about the status of the dak change, though.  The dak
mirror on merkel does not show any modifiations of the jennifer script
since May 31.  The diff at
<http://cvs.debian.org/dak/jennifer?root=dak&r1=1.56&r2=1.57> shows
that the additional check was *removed*, not *added* more than a week
ago.  Therefore, the dak CVS does not reflect what's actually in
production use.

Since there is no way for Debian Developers to review the way Debian
packages are created (and it's totally out of question for end users),
something that provides DD-to-user package signatures at least in some
cases is very desirable indeed.

Reply to: