Re: [RFC] Enhance checksum support

To: Anthony Towns <aj@azure.humbug.org.au>
Cc: debian-dpkg@lists.debian.org, Raphael Hertzog <hertzog@debian.org>
Subject: Re: [RFC] Enhance checksum support
From: Frank Lichtenheld <djpig@debian.org>
Date: Mon, 11 Feb 2008 13:03:18 +0100
Message-id: <[🔎] 20080211120318.GW18497@mail-vs.djpig.de>
Mail-followup-to: Anthony Towns <aj@azure.humbug.org.au>, debian-dpkg@lists.debian.org, Raphael Hertzog <hertzog@debian.org>
In-reply-to: <[🔎] 20080210230738.GA25392@blae.erisian.com.au>
References: <1200273548-28777-2-git-send-email-djpig@debian.org> <1200273548-28777-1-git-send-email-djpig@debian.org> <20080114075313.GA31251@ouaza.com> <20080118133855.GB19166@blae.erisian.com.au> <20080119171545.GG11858@planck.djpig.de> <20080120034535.GA1403@blae.erisian.com.au> <20080126211456.GS17493@mail-vs.djpig.de> <20080129050612.GA7811@blae.erisian.com.au> <[🔎] 20080210174654.GS18497@mail-vs.djpig.de> <[🔎] 20080210230738.GA25392@blae.erisian.com.au>

On Mon, Feb 11, 2008 at 09:07:38AM +1000, Anthony Towns wrote:
> On Sun, Feb 10, 2008 at 06:46:55PM +0100, Frank Lichtenheld wrote:
> > On Tue, Jan 29, 2008 at 04:06:12PM +1100, Anthony Towns wrote:
> > > On Sat, Jan 26, 2008 at 10:14:56PM +0100, Frank Lichtenheld wrote:
> > > > The whole thing honestly doesn't do much for security anyway until the gpg
> > > > support of dpkg-source is largely improved. For that I have no real concept 
> > > > yet, though.
> > > Well, apt verifies them when it downloads the source before passing
> > > it to dpkg to unpack; and there's also verification when entering the
> > That would be news to me. And I can't seem to find that in the code,
> > either.
> 
> $ apt-get source dpkg
> Reading package lists... Done
> Building dependency tree... Done
> Need to get 3385kB of source archives.
> Get:1 http://blah stable/main dpkg 1.13.25 (dsc) [853B]
> Get:2 http://blah stable/main dpkg 1.13.25 (tar) [3385kB]
> Fetched 3385kB in 10s (334kB/s)
> Failed to fetch http://blah/debian/pool/main/d/dpkg/dpkg_1.13.25.dsc  MD5Sum mismatch
> E: Failed to fetch some archives.

I was talking about the GPG signature of the .dsc

Gruesse,
-- 
Frank Lichtenheld <djpig@debian.org>
www: http://www.djpig.de/

Reply to:

Follow-Ups:
- Re: [RFC] Enhance checksum support
  - From: Anthony Towns <aj@azure.humbug.org.au>

References:
- Re: [RFC] Enhance checksum support
  - From: Frank Lichtenheld <djpig@debian.org>
- Re: [RFC] Enhance checksum support
  - From: Anthony Towns <aj@azure.humbug.org.au>

Prev by Date: dpkg-source's future and relation with VCS
Next by Date: Re: ebuild
Previous by thread: Re: [RFC] Enhance checksum support
Next by thread: Re: [RFC] Enhance checksum support
Index(es):
- Date
- Thread