Re: Official Debian digital 'branding' of debs

To: Gunnar.Isaksson@saab.se
Cc: debian-devel@lists.debian.org
Subject: Re: Official Debian digital 'branding' of debs
From: "James R. Van Zandt" <jrv@vanzandt.mv.com>
Date: Sun, 20 Jun 1999 17:31:14 -0400 (EDT)
Message-id: <[🔎] m10vpBK-0006GiC@vanzandt.mv.com>
In-reply-to: <[🔎] 376A06C5.F365D0E1@saab.se> (Gunnar.Isaksson@saab.se)
References: <[🔎] 376A06C5.F365D0E1@saab.se>

Gunnar.Isaksson@saab.se writes:
>Since I work in a very security aware environment I would
>like every debian binary to also be PGP signed.

All this really requires is saving the "changes" file that is
submitted with every binary upload.  It includes the length and an
md5sum of the .deb file.  The .changes file is signed by the
maintainer. 

Come to think of it, those files are supposed to be posted to
debian-changes (for stable) or debian-devel-changes (for unstable) so
they should be archived at http://www.debian.org/support.html.  (My
own uploads do not seem to be included, for some reason.)  Making the
information more accessible would help, of course.

		       - Jim Van Zandt

Reply to:

References:
- Official Debian digital 'branding' of debs
  - From: Gunnar.Isaksson@saab.se

Prev by Date: ITP: genparse, another command line parser generator
Next by Date: Intent to package unsymlink
Previous by thread: Re: Official Debian digital 'branding' of debs
Next by thread: nanog-traceroute freed!
Index(es):
- Date
- Thread