-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marcel Weber <[EMAIL PROTECTED]> wrote: > "Jussi Ekholm" <[EMAIL PROTECTED]> wrote: >> I was just wondering about the policy, in general - too. Are the >> "official" Debian packages created with MD5 checksum file, as well? >> And does ``debsums'' work in conjunction with apt, so it would check >> the package and checksum file before apt installs it? As I said, just >> mapping my options here... > > We had this kind of discussion some weeks ago on this list. Here is my > "resumé" that I wrote: [...]
> In this case we can say: When doing network installs via dselect or any > other apt-get frontend, the signatures of the .debs are checked during > installation time, IF debsig-verify is installed. This works at least > from dpkg 1.9.21 on. Ok, thanks. Of course, GnuPG/PGP signature is a bit different than MD5 checksums, but thanks a lot for pointing this out for me. I just installed ``debsig-verify'' -- is it supposed to add some extra messages to usual apt's messages? Something like "Good signature" or such? Ah well, maybe I should read ``debsig-verify(1)'' and other documentation that comes along. :-) Oh, and I have dpkg 1.10, so it should work if what you say holds true. Thanks again for your help. - -- Jussi Ekholm -- <[EMAIL PROTECTED]> -- http://erppimaa.ihku.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9S7f+AtEARxQQCB4RAk7vAJ9QtUzabPMQYIBnzNu1St+L0xDHzQCfR/G6 vl6SdS68w79bCLAavSJdoRA= =1jzi -----END PGP SIGNATURE-----
