Re: md5sums (was Re: System integrity...)
Am Mon, 14 Jun 1999 schrieb Chris:
> On Sun, Jun 13, 1999 at 03:46:42AM +0200, Martin Bialasinski wrote:
> <snip>
> > CL> What is the criteria that determines which packages get .md5sums
> > CL> files stored in /var/lib/dpkg/info/ ??
> >
> > The file is created during debian/rules binary by dh_md5sums or other
> > means.
> >
>
> Yes...but I wasn't sure if there was policy requirement for this or not(?).
> Or is it just "a good thing"(TM)?
What is the current situation about signing binary packages with
Debian-developer PGP-keys ? I think all Debian packages should be signed in
some form (PGP, GPG). Would it be enough to sign packages with the own
(developer) key when this key is in the debian-keyrings package, signed by the
official Debian key ? Are there any security holes in this procedure ?
Rene
--
------------------------------------------------------------------------------
Rene Mayrhofer, ViaNova KEG NIC-HDL: RM1677-RIPE
Email: rmayr@vianova.at Snail: Penz 217, A-4441 Behamberg
PGP(DSS): E661 2E45 9B7F B239 D422 0A90 A4C2 DA09 F72F 6EC5
PGP(D/H): B77F 51A8 B046 87A6 4D61 2C5D 742F F433 6732 E4DC
PGP(RSA): 5D D4 FD A6 CE AF 4B 82 67 7F 59 89 58 CA 61 0D
GPG: 5E50 BDA0 E0B7 75A7 08AA 1123 0A4C 9474 CAA2 658B
------------------------------------------------------------------------------
Reply to: