On 4/4/02 11:31 PM, "Chris Zubrzycki" <[EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Thursday, April 4, 2002, at 07:28 AM, Max Horn wrote: > >> At 8:31 Uhr -0500 03.04.2002, Chris Zubrzycki wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Is there any way of signing the deb files in the bin dist to make sure >>> they were make by an authorized developer? Is this in the plan for the >>> future? I remember reading that debian maintainers signs thier >>> packages. just a thought. >> >> See my mail to Jeremy for some information on this. >> >> No there is no way to automate the verification of signatures right >> now. We could start to sign .debs in the future, though, and ship the >> .sig's with them. That doesn't mean automatic checking, though. I don't >> think apt-get / dselect support that right now, but I didn't look into >> it yet either, so I might be wrong (anybody got a pointer for me on >> this) ? > > gotta love google ;-) > > http://www.debian.org/doc/manuals/securing-debian-howto/ch7.en.html > > they say it will not be implemented in woody, but in the next release > (sid?) I think the sid deb tools have this feature, it is just not used > right now (If I remember correctly from debian-security) > > - -chris zubrzycki >From http://www.debian.org/doc/developers-reference/ch-archive.en.html "Debian 2.2, `potato'; and Debian 3.0, `woody'. There is also a ``pseudo-distribution'', called `sid', which is the current `unstable' distribution" :) As for the automatic checking, I'm not sure... _______________________________________________ Fink-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-devel
