On Fri, 04 May 2001, Debian User wrote:
> Henrique M Holschuh wrote:
> > A secure (digital signature-based) system is being deployed right now in the
> > unstable distribution, but it is not fully integrated into our archive
> > structure yet.
>
> Where to find out more about it? Of course, get the packages and read what's
> in 'em. But what I mean is some sort of online available docu, mail/news or so.

I don't think there are any docs besides the manpages and source.

> i.e. not in "testing". Any scheduling plans about when it will show up there?
> How will signature distribution work?

Things get installed in testing when they get installed in testing. There are
complicated heuristics behind testing's automated update; I have no idea when
dpkg will be upgraded. Try to read about testing in
http://ftp-master.debian.org/testing/ if you're curious.

> > MD5 checksums are available in most (but unfortunately not all) packages.
>
> Is this going to be a "policy" issue for packages to come into "official"
> Debian distribution?

No. We'll simply sign all of the packages, and the recommended way to take care
of the unpacked files has always been using tripwire or AIDE, or other
software like that.

> > MD5 checksums are always issued along with every (including security) update
> > to the stable distribution. This is far from perfect, but it's all we can
> > offer you until we finish deploying the full signature-based system, AFAIK.
>
> How can I check packages for correct checksums right now?

See the debsums package, and the dlocate package.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
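The kind of check the reply points to debsums for, as an added example that is not part of the original message and is not debsums' own code: it verifies files against a manifest in the md5sums layout dpkg stores per package (32 hex digits, two spaces, path relative to `/`). The function names and the sample tree are hypothetical and constructed for the demo.

```python
import hashlib
import os
import tempfile

def parse_md5sums(text):
    """Yield (md5_hex, relative_path) from dpkg-style md5sums text."""
    for line in filter(str.strip, text.splitlines()):
        digest, sep, path = line.partition("  ")  # two spaces separate the fields
        digest = digest.lower()
        bad_hex = set(digest) - set("0123456789abcdef")
        if not sep or len(digest) != 32 or bad_hex or not path:
            raise ValueError(f"malformed md5sums line: {line!r}")
        yield digest, path

def file_md5(path, chunk=65536):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(manifest_text, root="/"):
    """Return {relative_path: "OK" | "FAILED" | "MISSING"} for each manifest entry."""
    results = {}
    for digest, rel in parse_md5sums(manifest_text):
        full = os.path.join(root, rel.lstrip("/"))
        if not os.path.isfile(full):
            results[rel] = "MISSING"
        else:
            results[rel] = "OK" if file_md5(full) == digest else "FAILED"
    return results

def demo():
    """Constructed sample: a throwaway tree standing in for an installed package."""
    files = {"usr/bin/tool": b"original\n", "usr/share/doc/tool/README": b"docs\n"}
    with tempfile.TemporaryDirectory() as root:
        # Listed in the manifest but never written to disk -> MISSING.
        lines = [f"{hashlib.md5(b'lib').hexdigest()}  usr/lib/tool/gone.so"]
        for rel, data in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
            lines.append(f"{hashlib.md5(data).hexdigest()}  {rel}")
        with open(os.path.join(root, "usr/bin/tool"), "ab") as fh:
            fh.write(b"changed after install\n")  # simulate a modified binary
        return verify("\n".join(lines) + "\n", root)

if __name__ == "__main__":
    print(demo())
```

A manifest stored on the same disk as the files it describes catches corruption and careless changes, but anyone able to replace a binary can rewrite the manifest as well, which is why the reply recommends tripwire or AIDE for unpacked files.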