On Fri, 04 May 2001, a certain Debian user wrote: > I remember Debian folks wher talking about some kind of checksums to > integrate in package manager system (dpkg e.a.) some time ago. Is there > any work in progress, where can i find out more about this? I took a > look on Debian's documentation and security section but did not find > anything about this. A secure (digital signature-based) system is being deployed right now in the unstable distribution, but it is not fully integrated into our archive structure yet. Unstable's dpkg (version 1.9.4) is fully capable of requering and checking digital signatures with the aid of the debsign package (which is already in unstable as well), but we have not started to distribute signatures along with packages yet. MD5 checksums are available in most (but unfortunately not all) packages. MD5 checksums are always issued along with every (including security) update to the stable distribution. This is far from perfect, but it's all we can offer you until we finish deploying the full signature-based system, AFAIK. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh
Attachment:
pgpuLRDdXLUq0.pgp
Description: PGP signature