Re: Package/Mirror integrity?
Henrique M Holschuh wrote:
> On Fri, 04 May 2001, a certain Debian user wrote:
> > I remember Debian folks wher talking about some kind of checksums to
> > integrate in package manager system (dpkg e.a.) some time ago. Is there
> > any work in progress, where can i find out more about this? I took a
> > look on Debian's documentation and security section but did not find
> > anything about this.
> A secure (digital signature-based) system is being deployed right now in the
> unstable distribution, but it is not fully integrated into our archive
> structure yet.
Where to find out more about it? Of course, get the packages and read whath's
in'em. But what i mean is some sort online avaliable docu, mail/news or so.
> Unstable's dpkg (version 1.9.4) is fully capable of
> requering and checking digital signatures with the aid of the debsign
> package (which is already in unstable as well), but we have not started to
> distribute signatures along with packages yet.
i.e. not in "testing". Any scheduling plans about when it will show up there?
How wil signature distribution work?
> MD5 checksums are available in most (but unfortunately not all) packages.
Is this going to be a "policy" issue for packages to come into "official"
> MD5 checksums are always issued along with every (including security) update
> to the stable distribution. This is far from perfect, but it's all we can
> offer you until we finish deploying the full signature-based system, AFAIK.
How can i check packages for correct checksums right now?