Re: concrete steps for improving apt downloading security and privacy

Holger Levsen wrote:
> Hi Hans,
> On Wednesday, 16 July 2014, Hans-Christoph Steiner wrote:
>> What I'm talking about already exists in Debian, but is rarely used. 
>> dpkg-sig creates a signature that is embedded in the .deb file.  So that
>> means no matter how the .deb file got onto a system, that signature can be
>> verified. I'm proposing to start making dpkg-sig a standard part of
>> official .deb files. This can be done in stages to make it manageable. 
>> Here's a rough idea of that:
> How about you file a bug against dpkg-sig and put your plan and justification
> in there? Here on the mailing list it will just be lost...

Finally did this:

And someone else filed a bug to get apt-transport-https included in apt:


