[huskerlug] Re: The Debian Leap

• From: Brian Wiese <bwiese@xxxxxxxxx>
• To: huskerlug@xxxxxxxxxxxxx
• Date: Sat, 15 Mar 2003 03:28:00 -0600

On Thu, 13 Mar 2003 19:36:20 -0600
Steve <steve@xxxxxxxxxxxxx> wrote:

|       package verification (other than a simple md5 checksum).        Now I 
see
|       support is there for signing packages in woody, but it isn't being used
|       yet.  I hope this changes in the near future, because I think it's quite
|       important for verifying package integrity & authenticity.  

Same here.  I had thought there was some 'behind the scenes' package
verification done with debian packages, I looked online and found out that
this feature was indeed added into debian[1] back just _over_2_years_ago_
with the "debian-keyring" and "debsig-verify" packages.  So I installed
them and tried to apt-get several packages, only to be denied since the
"verification failed" for every package I tried.  I had to uninstall
"debsig-verify" to get any other software to install.

Then I did a google and found out this feature isn't even supported yet,
just the infrastructure is all that is set up.[2]  =(   It really is true,
"GPG is the best cypto no one is using."  Sad but honestly enough, even I
need to get a new GPG key setup.  We definately need some motivation to
get everyone using GnuPG/PGP and make it a common practice!

Does Gentoo or any other distro provide package verification besides RH? 
This really should be a common practice[3] by now, I would hope.

[1] http://www.debian.org/News/weekly/2001/8/
[2] http://cert.uni-stuttgart.de/archive/debian/user/2002/09/msg00416.html
[3] http://www.securityfocus.com/columnists/48

peace

  Brian Wiese | bwiese@xxxxxxxxx | aim: unolinuxguru
------------------------------------------------------
  GnuPG/PGP key 0x1E820A73 | "FREEDOM!" - Braveheart 
------------------------------------------------------  
This is not about Napster or DVDs. It's about your Freedom.
  I'll see your DMCA and raise you a First Amendment.
              http://www.anti-dmca.org

----
Husker Linux Users Group mailing list
To unsubscribe, send a message to huskerlug-request@xxxxxxxxxxxxx
with a subject of UNSUBSCRIBE

• Follow-Ups:
  • [huskerlug] Re: The Debian Leap
    • From: GrayGeek
  • [huskerlug] Re: The Debian Leap
    • From: Steve

• References:
  • [huskerlug] The Debain Leap
    • From: Steve

Other related posts:

• » [huskerlug] Re: The Debian Leap
• » [huskerlug] Re: The Debian Leap
• » [huskerlug] Re: The Debian Leap
• » [huskerlug] Re: The Debian Leap
• » [huskerlug] Re: The Debian Leap
• » [huskerlug] Re: The Debian Leap
• » [huskerlug] Re: The Debian Leap
• » [huskerlug] Re: The Debian Leap
• » [huskerlug] Re: The Debian Leap
• » [huskerlug] Re: The Debian Leap
• » [huskerlug] Re: The Debian Leap

1. Home
2. huskerlug
3. Archive
4. 03-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---