[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dpkg-sig support wanted?

On Thu, Nov 24, 2005 at 11:54:33AM +1000, Anthony Towns wrote:
> On Wed, Nov 23, 2005 at 04:37:05PM -0200, Henrique de Moraes Holschuh wrote:
> > On Thu, 24 Nov 2005, Anthony Towns wrote:
> > > Personally, I think it's cryptographic snake oil, at least in so far
> > A signed deb has a seal of procedence and allows one to track the path it
> > made through the system, and who changed it.  
> That's what the .changes file is for.

Only possible if the .changes file is still accessable, and going through
the d-d-c archives isn't exactly convenient.

On that score, the description for d-d-c says that it includes buildd logs,
but a quick scroll through doesn't appear to find any.  Are they sent
somewhere else now, or am I just going blind?  Certainly, if we're going to
be verifying binary packages from the .changes files, we need to have all of
the buildd .changes files available in an archive *somewhere*.

- Matt

Attachment: signature.asc
Description: Digital signature

Reply to: