Re: .deb integrity check
> IMHO, Individual packages should be signed (or md5sums, whatever) by the
> maintainer. The maintainer should include their public key with the package,
> and that public key should be signed by an official Debian key. Thus
> verifying that the key is in fact authentic. Dpkg shouldn't deal with
> authentication, rather apt, or dselect (urg!) - the transport - should check -
> because it's at this point that most packages are downloaded without knowing
> their authenticity.
I think dpkg should do the checking, what if I wget and then dpkg to install a
package? Just like the security advisories sent to bugtraq advise you to do.
--
-----------------------------------------------------------------------------
Sarel Botha | Computer & | +27 341 81341
(sjb@dundee.lia.net) | Accounting | BOX 2065, Dundee
| Services | 3000, South Africa
-----------------------------------------------------------------------------
"The End is near." -- http://www.geocities.com/Athens/Olympus/7771/666.htm
-----------------------------------------------------------------------------
Reply to: