On Mon, Feb 11, 2008 at 09:07:38AM +1000, Anthony Towns wrote: > On Sun, Feb 10, 2008 at 06:46:55PM +0100, Frank Lichtenheld wrote: > > On Tue, Jan 29, 2008 at 04:06:12PM +1100, Anthony Towns wrote: > > > On Sat, Jan 26, 2008 at 10:14:56PM +0100, Frank Lichtenheld wrote: > > > > The whole thing honestly doesn't do much for security anyway until the > > > > gpg > > > > support of dpkg-source is largely improved. For that I have no real > > > > concept > > > > yet, though. > > > Well, apt verifies them when it downloads the source before passing > > > it to dpkg to unpack; and there's also verification when entering the > > That would be news to me. And I can't seem to find that in the code, > > either. > > $ apt-get source dpkg > Reading package lists... Done > Building dependency tree... Done > Need to get 3385kB of source archives. > Get:1 http://blah stable/main dpkg 1.13.25 (dsc) [853B] > Get:2 http://blah stable/main dpkg 1.13.25 (tar) [3385kB] > Fetched 3385kB in 10s (334kB/s) > Failed to fetch http://blah/debian/pool/main/d/dpkg/dpkg_1.13.25.dsc MD5Sum > mismatch > E: Failed to fetch some archives.
I was talking about the GPG signature of the .dsc Gruesse, -- Frank Lichtenheld <[EMAIL PROTECTED]> www: http://www.djpig.de/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
