Bug#203741: v0_6 branch
I've created a v0_6 branch in CVS and merged the current edition of the
signature verification code into it.
* Signature verification support patch ("apt-secure") from Colin Walters
<walters@debian.org> and Isaac Jones <ijones@syntaxpolice.org>. This
implements:
- Release signature verification (Release.gpg)
- Packages, Sources md5sum verification against Release
- Closes: #203741
* Make some modifications to signature verification support:
- Release.gpg is always retrieved and verified if present, rather than
requiring that sources be configured as secure
- Print a hint about installing gnupg if exec(gpgv) fails
- Remove obsolete pkgAcqIndexRel
- Move vendors.list stuff into a separate module (vendorlist.{h,cc})
- If any files about to be retrieved are not authenticated, issue a
warning to the user and require confirmation
* Suggests: gnupg
* Install a keyring in /usr/share/apt/debian-archive.gpg containing an
initial set of Debian archive signing keys to seed /etc/apt/trusted.gpg
* Add a new tool, apt-key(8) used to manage the keyring
--
- mdz
Reply to: