-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Using GPG like this? :-) On Saturday 15 March 2003 03:28 am, you wrote: > On Thu, 13 Mar 2003 19:36:20 -0600 > > Steve <steve@xxxxxxxxxxxxx> wrote: > | package verification (other than a simple md5 checksum). Now I > see > | support is there for signing packages in woody, but it isn't being used > | yet. I hope this changes in the near future, because I think it's quite > | important for verifying package integrity & authenticity. > > Same here. I had thought there was some 'behind the scenes' package > verification done with debian packages, I looked online and found out that > this feature was indeed added into debian[1] back just _over_2_years_ago_ > with the "debian-keyring" and "debsig-verify" packages. So I installed > them and tried to apt-get several packages, only to be denied since the > "verification failed" for every package I tried. I had to uninstall > "debsig-verify" to get any other software to install. > > Then I did a google and found out this feature isn't even supported yet, > just the infrastructure is all that is set up.[2] =( It really is true, > "GPG is the best cypto no one is using." Sad but honestly enough, even I > need to get a new GPG key setup. We definately need some motivation to > get everyone using GnuPG/PGP and make it a common practice! > > Does Gentoo or any other distro provide package verification besides RH? > This really should be a common practice[3] by now, I would hope. > > [1] http://www.debian.org/News/weekly/2001/8/ > [2] http://cert.uni-stuttgart.de/archive/debian/user/2002/09/msg00416.html > [3] http://www.securityfocus.com/columnists/48 > > peace > > Brian Wiese | bwiese@xxxxxxxxx | aim: unolinuxguru > ------------------------------------------------------ > GnuPG/PGP key 0x1E820A73 | "FREEDOM!" - Braveheart > ------------------------------------------------------ > This is not about Napster or DVDs. It's about your Freedom. > I'll see your DMCA and raise you a First Amendment. > http://www.anti-dmca.org > > ---- > Husker Linux Users Group mailing list > To unsubscribe, send a message to huskerlug-request@xxxxxxxxxxxxx > with a subject of UNSUBSCRIBE - -- - -- GrayGeek -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE+c0F+q1Ef6ZbWHeERAniLAKC5DNxkkt9qDquTuVknwyYU9tTn8wCglNJe t3jS3x2V8L/OaYOdBHrTMYs= =EYzr -----END PGP SIGNATURE----- ---- Husker Linux Users Group mailing list To unsubscribe, send a message to huskerlug-request@xxxxxxxxxxxxx with a subject of UNSUBSCRIBE