
Re: .deb integrity check



From: Joey Hess <joey@kitenet.net>
> Amos Shapira wrote:
> > It should be somehow possible to verify WHICH key should be verified,
> > and be able to obtain this in an independent way (i.e. if the package
> > is modified, and the key to be verified is directed to the cracker's
> > key then your verification wouldn't reveal this, would it?).
> 
> If the package has to be signed by a key in the debian keyring, which itself
> must be signed by a single key, they can't do this.

Sounds like the answer to my point.  So what's preventing the addition
of this to dpkg?  Manpower or crypto laws?

Cheers,

--Amos

--Amos Shapira                  | "Of course Australia was marked for
                                |  glory, for its people had been chosen
amos@gezernet.co.il             |  by the finest judges in England."
                                |                         -- Anonymous

