[huskerlug] Re: The Debian Leap

• From: GrayGeek <jkreps@xxxxxxxxxx>
• To: huskerlug@xxxxxxxxxxxxx
• Date: Sat, 15 Mar 2003 09:06:30 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Using GPG like this?
:-)

On Saturday 15 March 2003 03:28 am, you wrote:
> On Thu, 13 Mar 2003 19:36:20 -0600
>
> Steve <steve@xxxxxxxxxxxxx> wrote:
> |     package verification (other than a simple md5 checksum).        Now I 
> see
> |     support is there for signing packages in woody, but it isn't being used
> |     yet.  I hope this changes in the near future, because I think it's quite
> |     important for verifying package integrity & authenticity.
>
> Same here.  I had thought there was some 'behind the scenes' package
> verification done with debian packages, I looked online and found out that
> this feature was indeed added into debian[1] back just _over_2_years_ago_
> with the "debian-keyring" and "debsig-verify" packages.  So I installed
> them and tried to apt-get several packages, only to be denied since the
> "verification failed" for every package I tried.  I had to uninstall
> "debsig-verify" to get any other software to install.
>
> Then I did a google and found out this feature isn't even supported yet,
> just the infrastructure is all that is set up.[2]  =(   It really is true,
> "GPG is the best cypto no one is using."  Sad but honestly enough, even I
> need to get a new GPG key setup.  We definately need some motivation to
> get everyone using GnuPG/PGP and make it a common practice!
>
> Does Gentoo or any other distro provide package verification besides RH?
> This really should be a common practice[3] by now, I would hope.
>
> [1] http://www.debian.org/News/weekly/2001/8/
> [2] http://cert.uni-stuttgart.de/archive/debian/user/2002/09/msg00416.html
> [3] http://www.securityfocus.com/columnists/48
>
> peace
>
>   Brian Wiese | bwiese@xxxxxxxxx | aim: unolinuxguru
> ------------------------------------------------------
>   GnuPG/PGP key 0x1E820A73 | "FREEDOM!" - Braveheart
> ------------------------------------------------------
> This is not about Napster or DVDs. It's about your Freedom.
>   I'll see your DMCA and raise you a First Amendment.
>               http://www.anti-dmca.org
>
> ----
> Husker Linux Users Group mailing list
> To unsubscribe, send a message to huskerlug-request@xxxxxxxxxxxxx
> with a subject of UNSUBSCRIBE

- -- 
- --
GrayGeek
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+c0F+q1Ef6ZbWHeERAniLAKC5DNxkkt9qDquTuVknwyYU9tTn8wCglNJe
t3jS3x2V8L/OaYOdBHrTMYs=
=EYzr
-----END PGP SIGNATURE-----


----
Husker Linux Users Group mailing list
To unsubscribe, send a message to huskerlug-request@xxxxxxxxxxxxx
with a subject of UNSUBSCRIBE

• Follow-Ups:
  • [huskerlug] Re: The Debian Leap
    • From: J.R. Wessels

• References:
  • [huskerlug] The Debain Leap
    • From: Steve
  • [huskerlug] Re: The Debian Leap
    • From: Brian Wiese

Other related posts:

• » [huskerlug] Re: The Debian Leap
• » [huskerlug] Re: The Debian Leap
• » [huskerlug] Re: The Debian Leap
• » [huskerlug] Re: The Debian Leap
• » [huskerlug] Re: The Debian Leap
• » [huskerlug] Re: The Debian Leap
• » [huskerlug] Re: The Debian Leap
• » [huskerlug] Re: The Debian Leap
• » [huskerlug] Re: The Debian Leap
• » [huskerlug] Re: The Debian Leap
• » [huskerlug] Re: The Debian Leap

1. Home
2. huskerlug
3. Archive
4. 03-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---