Re: New field proposed, UUID

To: Ben Collins <bcollins@debian.org>, debian-dpkg@lists.debian.org, debian-policy@lists.debian.org
Subject: Re: New field proposed, UUID
From: Joey Hess <joeyh@debian.org>
Date: Wed, 29 Nov 2000 16:14:25 -0800
Message-id: <[🔎] 20001129161425.R25201@kitenet.net>
Mail-followup-to: Joey Hess <joeyh@debian.org>, Ben Collins <bcollins@debian.org>, debian-dpkg@lists.debian.org, debian-policy@lists.debian.org
In-reply-to: <[🔎] B34839947C5FD2118D9100A0C9D5DE430544861B@atl-nt-ex1.eclipsnet.com>; from Fred.Reimer@Eclipsys.com on Wed, Nov 29, 2000 at 07:09:14PM -0500
References: <[🔎] B34839947C5FD2118D9100A0C9D5DE430544861B@atl-nt-ex1.eclipsnet.com>

If I understand right, Ben wants something unique that can be signed
for some secrit package signing scheme. Assuming the sig goes in a
component after control.tar.gz and data.tar.gz, why can't is just sign
a concacentation of their md5sums?

I don't understand how signing a uuid that is just listed in the control
file and could be modified by anyone is cryptographically secure.

Must be missing something.

-- 
see shy jo

Reply to:

Follow-Ups:
- Re: New field proposed, UUID
  - From: Seth Arnold <sarnold@willamette.edu>
- Re: New field proposed, UUID
  - From: Ben Collins <bcollins@debian.org>

References:
- RE: New field proposed, UUID
  - From: "Reimer, Fred" <Fred.Reimer@Eclipsys.com>

Prev by Date: RE: New field proposed, UUID
Next by Date: Re: [PROPOSAL] Full text of GPL must be included
Previous by thread: RE: New field proposed, UUID
Next by thread: Re: New field proposed, UUID
Index(es):
- Date
- Thread