On Tue 07 Mar 2023 at 12:19:21 (+0100), Cédric Van Rompay wrote:

> I was looking at [the debsig-verify project](https://salsa.debian.org/dpkg-team/debsig-verify) and I cannot find which
> document is referred to in this part of the man pages:
>
> > This program implements the verification specs defined in the document,
> > "Package Verification with dpkg: Implementation", which is a more complete
> > reference for the verification procedure.
> >
> > source: https://salsa.debian.org/dpkg-team/debsig-verify/-/blob/2ce143bb7a65fff3f5e837e788f621659cb67152/doc/debsig-verify.1.in#L27
>
> I found [this document about signatures in debian packages][2] but it
> doesn't give many details about signature verification.
>
> Any idea which document is this referring to?
>
> Also, I tried creating an account at https://salsa.debian.org to create an
> issue on the project, but I got an HTTP 500 error during the process.
>
> [2]: https://www.debian.org/doc/manuals/securing-debian-manual/deb-pack-sign.en.html

You might consider installing debsigs, which contains this document at
/usr/share/doc/debsigs/debsigs.txt.gz, and dpkg-sig, which AIUI presents
an implementation example.

Cheers,
David.