Bug#203741: Signature verification status

To: Michael Vogt <mvogt@acm.org>
Cc: 203741@bugs.debian.org
Subject: Bug#203741: Signature verification status
From: Matt Zimmerman <mdz@debian.org>
Date: Tue, 23 Sep 2003 15:58:10 -0400
Message-id: <[🔎] 20030923195810.GI29549@alcor.net>
Reply-to: Matt Zimmerman <mdz@debian.org>, 203741@bugs.debian.org
In-reply-to: <[🔎] 20030923133946.GC18942@sam>
References: <[🔎] 20030922230723.GC6931@alcor.net> <[🔎] 20030923133946.GC18942@sam>

On Tue, Sep 23, 2003 at 03:39:46PM +0200, Michael Vogt wrote:

> I have not follwed the discussion closly, but I would like to encourage
> you to stay as close as possible with the apt-rpm solution. This help
> tools like synaptic (which I maintain) to be able to work with both
> versions of apt. Synaptic already supports the siging stuff that apt-rpm
> provides. 
> 
> I would also love to be able to test the signing stuff early to ensure
> that synaptic will not break. 

In what way is it different?  It doesn't seem that a frontend like synaptic
should need to worry about this kind of thing; the signatures are verified
when the package lists are downloaded, and after that it should be
transparent (so far).

If their Release files are different or something (or they verify packages
rather than releases), then the solutions are fundamentally different
(though perhaps not incompatible).

-- 
 - mdz

Reply to:

References:
- Bug#203741: Signature verification status
  - From: Matt Zimmerman <mdz@debian.org>
- Bug#203741: Signature verification status
  - From: Michael Vogt <mvogt@acm.org>

Prev by Date: Bug#203741: Signature verification status
Next by Date: Bug#203741: Current diff
Previous by thread: Bug#203741: Signature verification status
Next by thread: Processing of apt_0.5.13_i386.changes
Index(es):
- Date
- Thread