Re: Bug#540215: Introduce dh_checksums

To: Goswin von Brederlow <goswin-v-b@web.de>
Cc: debian-devel@lists.debian.org
Subject: Re: Bug#540215: Introduce dh_checksums
From: Wouter Verhelst <wouter@debian.org>
Date: Fri, 12 Mar 2010 23:13:56 +0100
Message-id: <[🔎] 20100312221356.GJ3902@celtic.nixsys.be>
In-reply-to: <[🔎] 87aaue898o.fsf@frosties.localdomain>
References: <[🔎] 20100303151752.835b34d3.erikd@mega-nerd.com> <[🔎] 20100303104725.GA18778@celtic.nixsys.be> <[🔎] slrnhosifd.rmi.trash@kelgar.0x539.de> <[🔎] 1267650344.8266.262.camel@solid.paris.klabs.be> <[🔎] 87bpf3vrai.fsf@qurzaw.linpro.no> <[🔎] 1268066168.21347.9661.camel@solid.paris.klabs.be> <[🔎] 87wrxmbkdn.fsf@windlord.stanford.edu> <[🔎] 20100310143214.GE10578@celtic.nixsys.be> <[🔎] 20100311173710.GC25679@nn.nn> <[🔎] 87aaue898o.fsf@frosties.localdomain>

On Fri, Mar 12, 2010 at 05:16:55AM +0100, Goswin von Brederlow wrote:
> Harald Braumann <harry@unheit.net> writes:
> 
> > On Wed, Mar 10, 2010 at 03:32:14PM +0100, Wouter Verhelst wrote:
> >>
> >> Having package.checksums be GPG-signed will take a significant change in
> >> our infrastructure (buildd hosts, for instance, would need to have a way
> >> to sign checksums files as well), so it's not going to happen
> >> tomorrow.
> 
> That can be avoided by including a hash of the checksum file in the
> Packages files.

That doesn't help for the problem we're trying to fix here: having a
path to a GPG signature from an individual binary on the hard disk,
months or years after the package was installed.

With your proposal, you lose the signatures once the package is out of
the archive and you run 'apt-get update'.

-- 
The biometric identification system at the gates of the CIA headquarters
works because there's a guard with a large gun making sure no one is
trying to fool the system.
  http://www.schneier.com/blog/archives/2009/01/biometrics.html

Reply to:

Follow-Ups:
- Re: Bug#540215: Introduce dh_checksums
  - From: Goswin von Brederlow <goswin-v-b@web.de>

References:
- Re: md5sums files
  - From: Erik de Castro Lopo <erikd@mega-nerd.com>
- Re: md5sums files
  - From: Wouter Verhelst <wouter@debian.org>
- Re: md5sums files
  - From: Philipp Kern <trash@philkern.de>
- Re: md5sums files
  - From: Frank Lin PIAT <fpiat@klabs.be>
- Re: md5sums files
  - From: Tollef Fog Heen <tfheen@err.no>
- Bug#540215: Introduce dh_checksums
  - From: Frank Lin PIAT <fpiat@klabs.be>
- Re: Bug#540215: Introduce dh_checksums
  - From: Russ Allbery <rra@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Wouter Verhelst <wouter@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Harald Braumann <harry@unheit.net>
- Re: Bug#540215: Introduce dh_checksums
  - From: Goswin von Brederlow <goswin-v-b@web.de>

Prev by Date: Bug#573611: ITP: gettext-ant-tasks -- Java internationalization (i18n) library - Ant tasks
Next by Date: Running Debian Test version via VM Ware Player
Previous by thread: Re: Bug#540215: Introduce dh_checksums
Next by thread: Re: Bug#540215: Introduce dh_checksums
Index(es):
- Date
- Thread