Re: What's happening with package signing?

To: debian-devel@lists.debian.org
Subject: Re: What's happening with package signing?
From: Chris Frey <cdfrey@netdirect.ca>
Date: Thu, 11 May 2000 00:23:31 -0400
Message-id: <[🔎] 20000511002331.A5205@netdirect.ca>

Petr Cech replied:
> 
> > >From what I can see, not even the simplest suggestion has been implemented.
> > (i.e. signing the Packages.gz files)
> > 
> > Why?
> 
> No one showed the code?
> 

Um, I could "show the code" all I want, but:

	a) not being a maintainer
	b) not having access to the master box

I can't do much to help even if I wanted to.

I already have scripts that snarf the debian-devel-changes archives from the
website and turn them into a PGP-verified flat-file of md5sums.  It sure
makes it hard, though, when packages that are signed by keys not in the
debian-keyring package make it into the distribution... what is a poor
user supposed to do??

If signing Packages.gz is really only waiting for someone to write the
bash script, then tell me and I will write it!  Otherwise, the question
remains: why?

- Chris

Reply to:

Follow-Ups:
- Re: What's happening with package signing?
  - From: Anthony Towns <aj@azure.humbug.org.au>

Prev by Date: Re: ITP: skkfep
Next by Date: Re: scp on ftp-master.debian.org
Previous by thread: Re: What's happening with package signing?
Next by thread: Re: What's happening with package signing?
Index(es):
- Date
- Thread