[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Package/Mirror integrity?

On Mon, May 07, 2001 at 11:39:06AM +0200, Gerhard Kroder wrote:
> Current  "testing" contains a "debsig-verify" package. Is this different to
> what you called "debsign"?
debsign signs a package .dsc and .changes file to get it validatet by the
UploadQueue. After that the end-user has only the possibility to check
a signature of a source file as the changes file (which file list included
the binary produced by the maintainer) is not put on the archive.

debsig-verify should in the future allow to verify a signature that the
maintainer (or a build-daemon for e.g. sparc/alpha) has applied to the
.deb itself thus giving the end-user the possibility to check binary 
packages, too.

As far as I know there's no possibility to actually apply such a binary
signature to a .deb yet. If I'm wrong please point me someone to the 
relevant docs :)



Reply to: