-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday, April 4, 2002, at 07:28 AM, Max Horn wrote:
> At 8:31 Uhr -0500 03.04.2002, Chris Zubrzycki wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Is there any way of signing the deb files in the bin dist to make sure >> they were make by an authorized developer? Is this in the plan for the >> future? I remember reading that debian maintainers signs thier >> packages. just a thought. > > See my mail to Jeremy for some information on this. > > No there is no way to automate the verification of signatures right > now. We could start to sign .debs in the future, though, and ship the > .sig's with them. That doesn't mean automatic checking, though. I don't > think apt-get / dselect support that right now, but I didn't look into > it yet either, so I might be wrong (anybody got a pointer for me on > this) ? gotta love google ;-) http://www.debian.org/doc/manuals/securing-debian-howto/ch7.en.html they say it will not be implemented in woody, but in the next release (sid?) I think the sid deb tools have this feature, it is just not used right now (If I remember correctly from debian-security) - -chris zubrzycki - - -- PGP public key: http://homepage.mac.com/beren/publickey.txt ID: 0xA2ABC070 Fingerprint: 26B0 BA6B A409 FA83 42B3 1688 FBF9 8232 A2AB C070 ======================================================== Remember: it's a "Microsoft virus", not an "email virus", a "Microsoft worm", not a "computer worm". -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (Darwin) Comment: For info see http://www.gnupg.org iD8DBQE8rFXN+/mCMqKrwHARAryUAKDGs4tuv0GxXLfhfP3op2BBIJng7QCgugC1 bvh6+JALQeydlDjaa5nzKI4= =R6LG -----END PGP SIGNATURE----- _______________________________________________ Fink-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-devel
