[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Package/Mirror integrity?



On Tue, May 15, 2001 at 03:04:59PM +0200, Petr Cech wrote:
> 
> yes. there is now Release.gpg, which is a sign or Release, which includes
> md5 and size of Packages, which in turn include md5 of .deb files. You only
> need to look at FTP archive, as I've just done to see, what's implemented.

neat.  does the current apt-get know how to get and check this
signature on its own?  

> There is also a way to sign individual packages. dpkg, debsigs,
> debsig-verify

is there any plans for .debs to be individually gpg signed by the time
woody ships?  

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgpzdChdUCyQu.pgp
Description: PGP signature


Reply to: