Re: AW: dselect / apt-get and packages

2002-07-10 Thread Marcel Weber
Hi there Thanks! So to bring my questions to an end: In dpkg 1.9.21 the signature checking feature for the .debs is compiled into the code AND active as soon as debsig-verify is installed. I read the mentioned thread too, but it was not clear to m

Re: AW: dselect / apt-get and packages

2002-07-10 Thread Rick Moen
Quoting my own post: > All you have to do is install debsig-verify. If the latter is present, > dpkg will automatically check the signature of any package to be > installed, and die if verification fails (except where overridden using > a "--force-bad-verify" switch, or possibly --no-debsig, whic

Re: AW: dselect / apt-get and packages

2002-07-10 Thread Rick Moen
Quoting Marcel Weber ([EMAIL PROTECTED]): > A. Do I have to do something to activate this feature, besides > installing debsigxxx? For example setting a flag in a config file. The > dpkg and dselect man pages do not say anything about the signature > verification (as for 1.9.21 on woody). I

Re: AW: dselect / apt-get and packages

2002-07-10 Thread Marcel Weber
Okay, so here are my questions then: A. Do I have to do something to activate this feature, besides installing debsigxxx? For example setting a flag in a config file. The dpkg and dselect man pages do not say anything about the signature verifi

Re: AW: dselect / apt-get and packages

2002-07-09 Thread Wichert Akkerman
Previously Marcel Weber wrote: > Sorry for answering my questions for myself: There seems to be a patch > for dpkg that uses the above packages for this reason. Is this > incorporated in the newest releases of dpkg? Yes. Wichert. --

Re: AW: dselect / apt-get and packages

2002-07-09 Thread Marcel Weber
Thus spoke "Marcel Weber" <[EMAIL PROTECTED]> on Tue, 9 Jul 2002 12:59:12 +0200: > As I see these ideas are not really original: There seem to be three packages > for this functionality: > > debian-keyring > debsig-verify > debsigs > Sorry for answering my questions for myself: There

Re: AW: dselect / apt-get and packages

2002-07-09 Thread Marcel Weber
> Or even better: what about a central debian maintainer key repository? This > repository could then be installed as a .deb package. And ONLY > _this_very_package_ would be signed with the debian über-key. And for every > other package to be installed, the public key would have to be in this t

Re: AW: dselect / apt-get and packages

2002-07-09 Thread Marcel Weber
Thus spoke "Samuele Giovanni Tonon" <[EMAIL PROTECTED]> on Tue, 9 Jul 2002 12:31:12 +0200: > On Mon, Jul 08, 2002 at 11:31:55PM +0100, Matthew Johnson wrote: > > On Mon, 2002-07-08 at 22:15, Marcel Weber wrote: > > > > > The main problem is presumably with trust of the keys. If all the

Re: AW: dselect / apt-get and packages

2002-07-09 Thread Samuele Giovanni Tonon
On Mon, Jul 08, 2002 at 11:31:55PM +0100, Matthew Johnson wrote: > On Mon, 2002-07-08 at 22:15, Marcel Weber wrote: > > > > Well this would not be a big thing, would it? When I take a look at the ftp > > server, there is a .dsc with pgp signatures for each package. So letting > > dselect / aptitud

Re: dselect / apt-get and packages

2002-07-08 Thread Rick Moen
Quoting Marcel Weber ([EMAIL PROTECTED]): >> Certain parts of the package are signed but there is no automated checking >> of those signatures AFAIK. > > Well this would not be a big thing, would it? When I take a look at > the ftp server, there is a .dsc with pgp signatures for each package. > S

Re: AW: dselect / apt-get and packages

2002-07-08 Thread Matthew Johnson
On Mon, 2002-07-08 at 22:15, Marcel Weber wrote: > > > > Actually, as the system is, it could. There was an article on > > this some time > > ago... > > > > Certain parts of the package are signed but there is no automated checking > > of those signatures AFAIK. > > > > > Well this would not be

AW: dselect / apt-get and packages

2002-07-08 Thread Marcel Weber
> > Actually, as the system is, it could. There was an article on > this some time > ago... > > Certain parts of the package are signed but there is no automated checking > of those signatures AFAIK. > Well this would not be a big thing, would it? When I take a look at the ftp server, there is

Re: dselect / apt-get and packages

2002-07-08 Thread Hubert Chan
> "Marcel" == Marcel Weber <[EMAIL PROTECTED]> writes: [...] Marcel> I'm working with dselect to do an update. Then I install all the Marcel> new packages. Are the package's signatures checked automatically Marcel> AND would the system complain if a signature wouldn't be valid Marcel> or miss

Re: dselect / apt-get and packages

2002-07-08 Thread Phillip Hofmeister
On Mon, 08 Jul 2002 at 09:31:49PM +0300, Marcel Weber wrote: > Hi > > I just have a silly question: During a discussion in a newsgroup about the > Mac OS X Software Update vulnerability > (http://www.cunap.com/~hardingr/projects/osx/exploit.html) someone said, > that this could happen with debian, t

dselect / apt-get and packages

2002-07-08 Thread Marcel Weber
Hi I just have a silly question: During a discussion in a newsgroup about the Mac OS X Software Update vulnerability (http://www.cunap.com/~hardingr/projects/osx/exploit.html) someone said, that this could happen with debian, too. I argued, that this is not possible as debian uses pgp / gpg signatur