[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PATCH: package verification in dpkg

Jason Gunthorpe <jgg@debian.org> writes:

> On 9 Mar 2001, John Goerzen wrote:
> > Below is a patch that will allow dpkg to do cryptographic verification
> > of gpg signatures attached to packages at install time.  It uses
> Could it at least have an option to turn it off? APT users using the new
> secured release files are not going to want to burn the cycles to do this.

If debsig-verify is not installed, it never runs.

Incidentally, secured release files serve a different purpose and
there are many benefits to supporting both.

-- John

Reply to: