[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Checking Signatures and Checksums



Hi

As I remember we had this discussion already. My latest knowledge is, if you install debsig-verify, debsigs and debian-keyring you get the feature requested. As the dpkg used in woody checks if debsig-verify is installed and if so checks the signatures of the packages you want to install. If a package signature is not valid, the package won't get installed.

Take a look at the following thread:

http://lists.debian.org/debian-security/2002/debian-security-200207/msg00130.html

Please correct me if I'm wrong.

Marcel


Also sprach "Javier Fernández-Sanguino Peña" <jfs@computer.org>  am Tage Tue, 3 Sep 2002 09:38:28 +0200:

> On Tue, Sep 03, 2002 at 07:18:08AM +0000, Aurelio Turco wrote:
> > 
> > My question is this: Is there another script (for verifying signed
> > releases) that can be used in conjunction with dselect?
> > (Yes, there are people who prefer to use dselect over apt-get!)
> > 
> 
> 	Umm... you are right in your explanation but your question is
> wrong:
> 
> 	dselect ---> (uses) --> apt-get ---> (uses) --> dpkg
> 
> 	Dselect is a GUI for apt-get which is a common interface for dpkg.
> 	Asking release checks for dselect would be like asking release
> checks for aptituted, gnome-apt, et al.
> 
> 	Regards
> 
> 	Javi
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
> 


-----

PGP / GPG Key:    http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc

Attachment: pgpRVoKUsmI6W.pgp
Description: PGP signature


Reply to: