Re: leaks in our only-signed-software fortress

To: debian-devel@lists.debian.org
Subject: Re: leaks in our only-signed-software fortress
From: Toni Mueller <toni@debian.org>
Date: Tue, 21 Feb 2012 22:42:14 +0100
Message-id: <[🔎] 4F440FB6.5020202@debian.org>
In-reply-to: <[🔎] 201202181148.31883.thomas@koch.ro>
References: <[🔎] 0763775752c72b696283491568e04907@scientia.net> <[🔎] 201202181148.31883.thomas@koch.ro>

On 02/18/2012 11:48 AM, Thomas Koch wrote:
> What about a debhelper script that receives an URL (or set of mirror URLs) and 
> a SHA1 and does the download and check?

If you're going this way, try to peek at the *BSD's ports systems,
specifically their 'distinfo' files. SHA1 is not enough, imho.

-- 
Kind regards,
--Toni++

Reply to:

Follow-Ups:
- Re: leaks in our only-signed-software fortress
  - From: Darren Salt <linux@youmustbejoking.demon.co.uk>

References:
- leaks in our only-signed-software fortress
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: leaks in our only-signed-software fortress
  - From: Thomas Koch <thomas@koch.ro>

Prev by Date: Re: upstart: please update to latest upstream version
Next by Date: DDTSS broken (was: Description-less Packages indices)
Previous by thread: Re: leaks in our only-signed-software fortress
Next by thread: Re: leaks in our only-signed-software fortress
Index(es):
- Date
- Thread