On Tue, Jul 15, 2014 at 12:24 AM, Hans-Christoph Steiner wrote:

> I agree that .deb packages should be individually signed
...
> This has been discussed in the past.  I really think it is just a
> matter of someone doing the work.
The work has been done many years ago and has been in the archive for
ages but has probably bitrotten since apt repo signing won (mostly,
some derivatives don't sign their repos) and now no-one uses deb
signing (probably). The packages are dpkg-sig debsigs debsig-verify.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CAKTje6Fk+8zDHmQRsqYLDe0ABAb8q2OMrnRmvyhp2OyYFe=w...@mail.gmail.com

Reply via email to