Henrique M Holschuh wrote:
> On Fri, 04 May 2001, a certain Debian user wrote:
> > I remember Debian folks were talking about some kind of checksums to
> > integrate in package manager system (dpkg e.a.) some time ago. Is there
> > any work in progress, where can I find out more about this? I took a
> > look on Debian's documentation and security section but did not find
> > anything about this.
>
> A secure (digital signature-based) system is being deployed right now in the
> unstable distribution, but it is not fully integrated into our archive
> structure yet.

Where to find out more about it? Of course, get the packages and read what's in 'em. But what I mean is some sort of online available docu, mail/news or so.

> Unstable's dpkg (version 1.9.4) is fully capable of
> requiring and checking digital signatures with the aid of the debsign
> package (which is already in unstable as well), but we have not started to
> distribute signatures along with packages yet.

I.e. not in "testing". Any scheduling plans about when it will show up there? How will signature distribution work?

> MD5 checksums are available in most (but unfortunately not all) packages.

Is this going to be a "policy" issue for packages to come into "official" Debian distribution?

> MD5 checksums are always issued along with every (including security) update
> to the stable distribution. This is far from perfect, but it's all we can
> offer you until we finish deploying the full signature-based system, AFAIK.

How can I check packages for correct checksums right now?

Gerhard

