On Wed, Mar 03, 2010 at 03:14:04PM -0800, Russ Allbery wrote: > Harald Braumann <ha...@unheit.net> writes: > > > Completely agreed. Also, because playing around is always more fun than > > just talking, I've attached a script that signs/verifies binary > > packages. Dpkg doesn't seem to mind the extra files. > > > This script signs each file in the package individually, but it could > > also concatenate them all alphabetically and create just one signature. > > See debsigs. Ah, thanks, good to know.
> There have been previous discussions on debian-devel about this. I > believe DAK does not allow packages signed using debsigs to be uploaded. > I'm not sure if that's out of objection to the entire concept, or whether > there are just technical issues that need to be resolved first. (I > probably would know if I had a better memory for the previous discussion, > but unfortunately I appear to have recycled those brain cells.) Maybe this [0]? Also, it seems, that people have `discussed' it, and that there was experimental support in dpkg for it [1]. The proposal, that came out of this discussion is outlined in [2]. This was in 2000 ... I haven't found any specific reasons why it was never implemented. I guess the reason is just that it's hard to do. Not the technical side, but defining the processes. harry [0] http://lists.debian.org/debian-devel/2002/03/msg01484.html [1] http://lists.debian.org/debian-dpkg/2000/07/msg00001.html [2] http://lists.debian.org/debian-dpkg/2000/07/msg00044.html -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100304000655.ga16...@nn.nn
