Re: building binary-only package with different name?

To: Steve Langasek <vorlon@netexpress.net>
Cc: debian-mentors@lists.debian.org
Subject: Re: building binary-only package with different name?
From: Peter S Galbraith <GalbraithP@dfo-mpo.gc.ca>
Date: Tue, 27 Feb 2001 13:35:08 -0500
Message-id: <[🔎] 20010227183508.4AB5F45C1@mixing.qc.dfo.ca>
In-reply-to: (Your message of Tue, 27 Feb 2001 12:24:54 CST.) <[🔎] Pine.LNX.4.30.0102271221330.30176-100000@tennyson.netexpress.net>

Steve Langasek wrote:

> On Tue, 27 Feb 2001, Peter S Galbraith wrote:
> 
> > In fact, make _sure_ you don't allow access to a signed .changes
> > file on an unofficial web page because that would allow anybody
> > to upload it to Debian.  It's signed after all.
> 
> Are the Debian upload queues not all password-protected? 

I thought there were some anonymous ones.  I've never used them
so I'm not certain.

> If they aren't all password-protected, then how can we cryptographically sign
> packages which are not suitable for upload into Debian that we want to
> distribute from our own sites?

You can safely use the signed .dsc file for the source part.
The signed .changes files really only adds the .deb to that, but
the .deb itself isn't signed, so sign any ascii file that
displays the md5sum of the .deb.  It doesn't have to be the
.changes file at all.

Peter

Reply to:

References:
- Re: building binary-only package with different name?
  - From: Steve Langasek <vorlon@netexpress.net>

Prev by Date: Re: building binary-only package with different name?
Next by Date: Re: subarchitectures (was Re: What to do with optimization flags ? )
Previous by thread: Re: building binary-only package with different name?
Next by thread: Re: building binary-only package with different name?
Index(es):
- Date
- Thread