Hi Brian, On Wed, Sep 22, 2010 at 02:08:27AM -0500, Brian Ryans wrote: > ,----[ policy.sgml:9806-9809 ]- > | In the future binary packages may also contain other > | components, such as checksums and digital signatures. The > | format for the archive is described in full in the > | <file>deb(5)</file> man page. > `---- > If I'm understanding apt-secure(8) and other documentation correctly, we > already have those capabilities in debsig-verify and the Release file. > If true, wouldn't that make the paragraph quoted outdated, and thus a > candidate for deletion? > Attached is a patch that deletes the paragraph, if by some miracle > I turn out to be right. debsig-verify exists, but packages containing signatures as components are not permitted in the Debian archive. So I believe this is accurate as currently written. Per-package signatures are unrelated to signed Releases iles. Cheers, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slangasek@ubuntu.com vorlon@debian.org
Attachment:
signature.asc
Description: Digital signature