On 21/01/12 19:57, Dan McGee wrote:
On Sat, Jan 21, 2012 at 12:45 PM, kachelaqa<[email protected]> wrote:
I'm still trying to get to grips with package signing, so this question may
not make complete sense, but:
Is there a way to check whether the signature was verified when a package
was installed?
No. However, -Si shows the presence of a signature and the various
checksums (MD5, SHA256) in the database.
Okay, thanks.
Can I ask why this is? I would have expected there to be a least a log
message somewhere.
ISTM that many users might want to know which installed packages on
their systems have verified signatures, and which ones not. Would they
be misguided in seeking that information?
