Frank Lin PIAT <fp...@klabs.be> writes:

> I have no strong preferences between signed APT and SIGNED DEBs... it is
> just that the remainder of the thread showed that signed DEBs are quite
> tough to implement. (and I still wonder how we could preserve the
> current deb format with "tar.gz in ar", while signing the debs)

You add an additional ar member that contains the signed checksums of all
of the files in data.tar.gz, possibly another additional member that
contains the signed checksums for control.tar.gz, or you document some
convention so that you can combine both into the same signed checksum
document.

There are other implementation methods possible, but that's probably the
most obvious one.

-- 
Russ Allbery (r...@debian.org)               <http://www.eyrie.org/~eagle/>
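
The layout described in the message above, as an added example that is not part of the original mail or of dpkg: it appends a checksum manifest for data.tar.gz as an extra ar member and checks it against the archive. The member name `_sha256sums` and the manifest line format are assumptions, and the OpenPGP signature over the manifest is left out.

```python
import hashlib, io, tarfile

AR_MAGIC = b"!<arch>\n"
MANIFEST = "_sha256sums"  # hypothetical member name, not a dpkg convention

def ar_write(members):
    """Serialize [(name, bytes)] as a common-format ar archive."""
    out = bytearray(AR_MAGIC)
    for name, data in members:
        # 60-byte header: name, mtime, uid, gid, mode, size, end marker
        out += ("%-16s%-12d%-6d%-6d%-8s%-10d`\n"
                % (name, 0, 0, 0, "100644", len(data))).encode("ascii")
        out += data + (b"\n" if len(data) % 2 else b"")  # pad to even offset
    return bytes(out)

def ar_read(blob):
    """Parse an ar archive back into [(name, bytes)]."""
    if blob[:8] != AR_MAGIC:
        raise ValueError("not an ar archive")
    members, pos = [], 8
    while pos < len(blob):
        hdr = blob[pos:pos + 60]
        if len(hdr) != 60 or hdr[58:] != b"`\n":
            raise ValueError("bad ar member header")
        size = int(hdr[48:58].decode("ascii"))
        name = hdr[:16].decode("ascii").rstrip(" /")
        members.append((name, blob[pos + 60:pos + 60 + size]))
        pos += 60 + size + (size & 1)
    return members

def manifest(tar_gz):
    """One 'sha256  path' line per regular file inside a tar.gz."""
    lines = []
    with tarfile.open(fileobj=io.BytesIO(tar_gz), mode="r:gz") as tf:
        for m in tf:
            if m.isfile():
                digest = hashlib.sha256(tf.extractfile(m).read()).hexdigest()
                lines.append(f"{digest}  {m.name}\n")
    return "".join(lines).encode()

def add_manifest(deb):
    """Append the checksum member; the original bytes are left untouched."""
    data = dict(ar_read(deb))["data.tar.gz"]
    return deb + ar_write([(MANIFEST, manifest(data))])[len(AR_MAGIC):]

def verify(deb):
    """True if the stored manifest matches the files in data.tar.gz."""
    members = dict(ar_read(deb))
    return MANIFEST in members and members[MANIFEST] == manifest(members["data.tar.gz"])
```

A real verifier would check the signature over the manifest before trusting it and reject archives with duplicate member names, since `dict()` here silently keeps the last one.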

Archive: http://lists.debian.org/871vfhchnc....@windlord.stanford.edu