> Sorry if this has been asked before but is there currently any way for a
> Debian user to verify the authenticity of a .deb file using PGP without
> having the source? When a package is built, the .changes and the .dsc
> files are signed, which allows dinstall to verify it, but is there any support
> in apt, dpkg, or Debian in general for a detached PGP signature on the
> .deb file itself provided that the user has the Debian-keyring package
> installed?

Yes, it is an issue which is currently being talked about. At
present, there is no way to confirm the authenticity of a .deb, but it
is absolutely necessary.

Julian
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Julian Gilbey, Dept of Maths, QMW, Univ. of London. [EMAIL PROTECTED]
Debian GNU/Linux Developer. [EMAIL PROTECTED]
-*- Finger [EMAIL PROTECTED] for my PGP public key. -*-