Holger Levsen wrote: > Hi Hans, > > On Mittwoch, 16. Juli 2014, Hans-Christoph Steiner wrote: >> What I'm talking about already exists in Debian, but is rarely used. >> dpkg-sig creates a signature that is embedded in the .deb file. So that >> means no matter how the .deb file got onto a system, that signature can be >> verified. I'm proposing to start making dpkg-sig a standard part of >> official .deb files. This can be done in stages to make it manageable. >> Here's a rough idea of that: > > how about you file a bug against dpkg-sig and put your plan and justification > in there. Here on the mailinglist it will just be lost...
Finally did this: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762153 And someone else filed a bug to get apt-transport-https included in apt: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756535 .hc
signature.asc
Description: OpenPGP digital signature
