|
Hi Hans,
On Mittwoch, 16. Juli 2014, Hans-Christoph Steiner wrote: > What I'm talking about already exists in Debian, but is rarely used. > dpkg-sig creates a signature that is embedded in the .deb file. So that > means no matter how the .deb file got onto a system, that signature can be > verified. I'm proposing to start making dpkg-sig a standard part of > official .deb files. This can be done in stages to make it manageable. > Here's a rough idea of that:
how about you file a bug against dpkg-sig and put your plan and justification in there. Here on the mailinglist it will just be lost...
cheers, Holger |
Attachment:
signature.asc
Description: This is a digitally signed message part.