Re: PATCH: package verification in dpkg
Jason Gunthorpe <email@example.com> writes:
> On 9 Mar 2001, John Goerzen wrote:
> > Below is a patch that will allow dpkg to do cryptographic verification
> > of gpg signatures attached to packages at install time. It uses
> Could it at least have an option to turn it off? APT users using the new
> secured release files are not going to want to burn the cycles to do this.
If debsig-verify is not installed, it never runs.
Incidentally, secured release files serve a different purpose and
there are many benefits to supporting both.