[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PGP and Debian question

> Sorry if this has been asked before but is there currently any way for a
> Debian user to verify the authenticity of a .deb file using PGP without
> having the source?  When a package is built, the .changes and the .dsc
> file is signed which allows dinstall to verify it but is there any support
> in apt, dpkg, or Debian in general for a detached PGP signature on the
> .deb file itself provided that the user has the Debian-keyring package
> installed?

Yes, it is an issue which is currently being talked about.  At
present, there is no way to confirm the authenticity of a .deb, but it
is absolutely necessary.



  Julian Gilbey, Dept of Maths, QMW, Univ. of London. J.D.Gilbey@qmw.ac.uk
             Debian GNU/Linux Developer.  jdg@debian.org
       -*- Finger jdg@master.debian.org for my PGP public key. -*-

Reply to: