Henrique de Moraes Holschuh wrote:
> Please document this, it may save someone a grave bug someday, and maybe
> even avoid a lot of headaches.
Does it really need to be documented in policy? debconf-devel(8)
documents it:
The config script can be run in one of three ways:
1 If
On Fri, 8 Feb 2002, Manoj Srivastava wrote:
> >>"Jason" == Jason Gunthorpe <[EMAIL PROTECTED]> writes:
> Jason> If you keep the package files as you said then it all works exactly
> the
> Jason> same way as signing the individual filelists.
>
> Not quite the same. It adds complexity, i
Package: debian-policy
Version: 3.5.6.0
Severity: minor
The debconf specification text says:
The config-file contains a new element, which I call the configmodule.
This is a program that will determine the configuration before the package
is unpacked. This means it is run before the preinst
>>"Jason" == Jason Gunthorpe <[EMAIL PROTECTED]> writes:
Jason> On Fri, 8 Feb 2002, Manoj Srivastava wrote:
>> Could I keep Packages file and the Release files? Sure. Way
>> more bloat. A simple signed file list is smaller, and less prone to
>> error. And unless you mean to keep track of which
On Fri, 8 Feb 2002, Jason Gunthorpe wrote:
> Dpkg has an internal tar for extraction, and it now has a configration
> file, it should be trivial to have it optionally write out the file list
> data - someone make a patch already :P Heck, I'll even make a reference
> deb->file list converter if it
On Fri, 8 Feb 2002, Manoj Srivastava wrote:
> Could I keep Packages file and the Release files? Sure. Way
> more bloat. A simple signed file list is smaller, and less prone to
> error. And unless you mean to keep track of which Packages files to
> remove, man, it would get insane.
It wo
>>"Joey" == Joey Hess <[EMAIL PROTECTED]> writes:
Joey> Manoj Srivastava wrote:
>> In order to verify that the system is not compromised, at the
>> very least you need to have the hash file cryptographically
>> signed.
Joey> Sigh. Every time this issue comes off people wander off onto
Joey
On 08-Feb-2002 Federico Di Gregorio wrote:
> hi,
>
> hi have python-psycopg be a fake package that depends on the right
> python-psycopg package (i provide psycopg packages for python 1.5, 2.1
> and 2.2.) lintian give me an error saying that the package should
> contain at least the copyright fil
> debian-binary
> control.tar.gz
> data.tar.gz
> filelist.gz
> detatched-sig-of-filelist.gz
> detatched-sig-of-the-whole-deb
This is what I was thinking as well.
The current dpkg-deb is sub-optimal, however, for making this md5sum list. It
uses external tar to make data.tar.gz, which means each
hi,
hi have python-psycopg be a fake package that depends on the right
python-psycopg package (i provide psycopg packages for python 1.5, 2.1
and 2.2.) lintian give me an error saying that the package should
contain at least the copyright file. given that the copyright is
available because the pac
Manoj Srivastava wrote:
> In order to verify that the system is not compromised, at the
> very least you need to have the hash file cryptographically
> signed.
Sigh. Every time this issue comes off people wander off onto areas of
security. People *don't* use this for security, unless they
[Resent because I forgot to send to list]
On Fri, 2002-02-08 at 05:16, Manoj Srivastava wrote:
>
> >>"David" == David Pashley <[EMAIL PROTECTED]> writes:
>
> David> [Checked against Policy version 3.5.6.0, 2001-07-24]
> David> I would like to suggest the following changes to Policy to make it
>>"Jason" == Jason Gunthorpe <[EMAIL PROTECTED]> writes:
Jason> On Thu, 7 Feb 2002, Manoj Srivastava wrote:
>> If you have a broken dpkg/md5sum on the machine, the only way
>> to detect that after booting from known secure media (like a cdrom
>> you have audited) is if the hash file were gener
On Thu, 7 Feb 2002, Manoj Srivastava wrote:
> If you have a broken dpkg/md5sum on the machine, the only way
> to detect that after booting from known secure media (like a cdrom
> you have audited) is if the hash file were generated (and known not
> to be tampered because if a cryptograph
14 matches
Mail list logo
