Re: Package/Mirror integrity?
On Mon, May 07, 2001 at 11:39:06AM +0200, Gerhard Kroder wrote:
> Current "testing" contains a "debsig-verify" package. Is this different to
> what you called "debsign"?
debsign signs a package .dsc and .changes file to get it validatet by the
UploadQueue. After that the end-user has only the possibility to check
a signature of a source file as the changes file (which file list included
the binary produced by the maintainer) is not put on the archive.
debsig-verify should in the future allow to verify a signature that the
maintainer (or a build-daemon for e.g. sparc/alpha) has applied to the
.deb itself thus giving the end-user the possibility to check binary
As far as I know there's no possibility to actually apply such a binary
signature to a .deb yet. If I'm wrong please point me someone to the
relevant docs :)