[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: md5sums files

On Wed, Mar 03, 2010 at 03:14:04PM -0800, Russ Allbery wrote:
> Harald Braumann <harry@unheit.net> writes:
> > Completely agreed. Also, because playing around is always more fun than
> > just talking, I've attached a script that signs/verifies binary
> > packages. Dpkg doesn't seem to mind the extra files.
> > This script signs each file in the package individually, but it could
> > also concatenate them all alphabetically and create just one signature.
> See debsigs.
Ah, thanks, good to know.

> There have been previous discussions on debian-devel about this.  I
> believe DAK does not allow packages signed using debsigs to be uploaded.
> I'm not sure if that's out of objection to the entire concept, or whether
> there are just technical issues that need to be resolved first.  (I
> probably would know if I had a better memory for the previous discussion,
> but unfortunately I appear to have recycled those brain cells.)

Maybe this [0]?

Also, it seems, that people have `discussed' it, and that there was
experimental support in dpkg for it [1]. The proposal, that came out of
this discussion is outlined in [2]. This was in 2000 ...

I haven't found any specific reasons why it was never implemented. I guess
the reason is just that it's hard to do. Not the technical side, but
defining the processes.


[0] http://lists.debian.org/debian-devel/2002/03/msg01484.html
[1] http://lists.debian.org/debian-dpkg/2000/07/msg00001.html
[2] http://lists.debian.org/debian-dpkg/2000/07/msg00044.html

Reply to: