On 2004.07.02 11:29, Andreas Janssen wrote:
Richard Wilbur (<richardpublic@wilburz.com>) wrote: > I've been trying off and on to install Debian Woody from CD base +> network apt (under dselect) .... I have had good luck downloading > and rotten luck installing packages downloaded. ...> "Authenticating /var/cache/apt/archives/<package>.deb > debsig: Origin signature check failed. This deb might not be > signed."As far as I know all the normal Debian packages are unsigned (at least at this time).> [...] > I don't know how to get past the debsig errors. If the Debian packages are unsigned, you should configure debsig not to require sigs for these packages, or maybe remove it completeley.
When did the policy of releasing normal Debian packages without signatures begin? Was it before or after the release of "Woody"?
The reason I ask is that it seems unfriendly, at best, to require undocumented reconfiguration of the default install tool for a distribution in order to complete the initial installation.
I like the idea of getting a binary package that comes with some assurance of its own integrity. The package can travel far and wide, as long as it retains the signature of the packager, I have reason to believe it remains unmolested. Coming from a world of .rpm and .tgz, this seems like an improvement. Thus I was eager to remedy the situation when the signature check failed and I assumed I must have downloaded some incomplete or tampered package files.