Manoj Srivastava wrote: > > All right, I think I a beginning to agree. Maybe dpkg *should > have integrity checking (as well as permission and ownership being > recorded record [in the .list file maybe?] -- like a ls -al listing)
I am always annoyed by having dpkg -c and dpkg -L use a different format. maybe this is the right time to put a tar -tv into .list > > If per file mdsums are to be recorded, then maybe hte too > should be pgp-signed (possibly by dpkg at package build time, > possibly a detached signature). as I already said, I think that maintainer's signatures are essential for the Debian Installer to certify the origin and integrity of the uploaded things, but could give a fake security if checked by users later (maybe months later) on installed systems. Fabrizio -- | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] | Pluto Leader - Debian Developer & Happy Debian 1.3.1 User - vi-holic | 6F7267F5 fingerprint 57 16 C4 ED C9 86 40 7B 1A 69 A1 66 EC FB D2 5E > Just because Red Hat do it doesn't mean it's a good idea. [Ian J.]
