[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dpkg-sig support wanted?

On Fri, 25 Nov 2005 12:50:41 -0800, Thomas Bushnell BSG
<tb@becket.net> wrote:
>Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de> writes:
>> The archive signing key gives absolutely no integrity ensurance on the
>> deb package. The only thing it insures is that the file was not
>> altered _after_ leaving ftp.de.debian.org for the mirrors and/or
>> user. In no way does it prevent altering the deb on ftp-master.
>Isn't that a useful assurance?  Perhaps I trust the maintenance of
>ftp-master, but not the maintenance of Joe Random Mirror.

So the natural reaction would be having _both_ signatures so that the
individual user can choose whom to trust.


-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mailadresse im Header
Mannheim, Germany  |     Beginning of Wisdom "     | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

Reply to: