
Re: PGP and Debian question



> Sorry if this has been asked before but is there currently any way for a
> Debian user to verify the authenticity of a .deb file using PGP without
> having the source?  When a package is built, the .changes and the .dsc
> file are signed which allows dinstall to verify it but is there any support
> in apt, dpkg, or Debian in general for a detached PGP signature on the
> .deb file itself provided that the user has the Debian-keyring package
> installed?

Yes, it is an issue which is currently being talked about.  At
present, there is no way to confirm the authenticity of a .deb, but it
is absolutely necessary.

   Julian

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

  Julian Gilbey, Dept of Maths, QMW, Univ. of London. J.D.Gilbey@qmw.ac.uk
             Debian GNU/Linux Developer.  jdg@debian.org
       -*- Finger jdg@master.debian.org for my PGP public key. -*-

