[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: concrete steps for improving apt downloading security and privacy

Hi Hans,


On Mittwoch, 16. Juli 2014, Hans-Christoph Steiner wrote:

> What I'm talking about already exists in Debian, but is rarely used.

> dpkg-sig creates a signature that is embedded in the .deb file. So that

> means no matter how the .deb file got onto a system, that signature can be

> verified. I'm proposing to start making dpkg-sig a standard part of

> official .deb files. This can be done in stages to make it manageable.

> Here's a rough idea of that:


how about you file a bug against dpkg-sig and put your plan and justification in there. Here on the mailinglist it will just be lost...





Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: