Re: [Reproducible-builds] concrete steps for improving apt downloading security and privacy

2014-09-19 Thread Daniel Kahn Gillmor
On 09/19/2014 06:07 AM, Elmar Stellnberger wrote: >Isn't there really any way to include the signatures in the header of > the .deb files? > Why not simply add multiple signature files in the control.tar.gz of a > .deb just next > to the md5sums which should indeed be a sha256sums (otherwise t

Re: [SECURITY] [DSA 3025-2] apt regression update

2014-09-19 Thread Facundo Aguirre
> UNSUBSCRIBE! The instructions to unsubscribe are in the footer of every mail in the mailing list. > > -- > > To UNSUBSCRIBE, email to debian-security-announce-requ...@lists.debian.org > > with a subject of "unsubscribe". Trouble? Contact > > listmas...@lists.debian.org > > Archive: https://l

Re: concrete steps for improving apt downloading security and privacy

2014-09-19 Thread Elmar Stellnberger
On 19.09.14 at 06:34, Paul Wise wrote: On Fri, Sep 19, 2014 at 9:30 AM, Hans-Christoph Steiner wrote: Finally did this: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762153 Please note that your proposal to add signatures to .deb files will break reproducible builds because the hash of the