Re: Package signatures tools

To: "J?rgen A.Erhard" <jae@jerhard.org>
Cc: Debian User List <debian-user@lists.debian.org>, Debian Development <debian-devel@lists.debian.org>
Subject: Re: Package signatures tools
From: Ben Collins <bcollins@debian.org>
Date: Fri, 11 Jul 2003 11:24:33 -0400
Message-id: <[🔎] 20030711152433.GS439@phunnypharm.org>
In-reply-to: <[🔎] E19b074-0000xY-00@sanctum.jerhard.org>
References: <[🔎] E19b074-0000xY-00@sanctum.jerhard.org>

On Fri, Jul 11, 2003 at 05:47:10PM +0200, J?rgen A.Erhard wrote:
> I'm releasing these things now... have them in development and use for
> a couple weeks/months now.
> 
> A Python module for doing debsigs-type package signatures and
> verification thereof.  Uses and included module for GnuPG file
> signatures and verification.

Also, I think using any scripted tool to do the verification is asking
for security holes. It pulls in too many variables on which verification
needs to depend. The debsigs-verify tool does the verification and xml
parsing all in one C program.

What did you find wrong with the current tools already available and
documented? The only thing they need is policy to get them going. Dpkg
can already call debsig-verify to validate a package. It just needs to
be turned on.

-- 
Debian     - http://www.debian.org/
Linux 1394 - http://www.linux1394.org/
Subversion - http://subversion.tigris.org/
Deqo       - http://www.deqo.com/

Reply to:

References:
- Package signatures tools
  - From: Jürgen A.Erhard <jae@jerhard.org>

Prev by Date: Re: color picker CHANGED to [OT] Mozilla suggestions
Next by Date: Re: less problems
Previous by thread: Re: Package signatures tools
Next by thread: Kernel building made easier
Index(es):
- Date
- Thread