[ILUG] packaging risks and the reputation of linux distributions
Rick Moen
rick at linuxmafia.com
Tue Oct 8 11:08:03 IST 2002
Quoting Brendan Kehoe (brendan at zen.org):
> As a workaround, the various distributions could use a GPG signature
> to verify correctness of the file. Since the distributor's secret key
> is required to create that signature, it would add a pretty
> significant step that would have to be taken to make it possible to
> replace both an rpm or apt file and its accompanying signature.
There are complex problems inherent in attempts to implement this.
http://linuxmafia.com/~rick/linux-info/debian-package-signing
--
Cheers,
Rick Moen
rick at linuxmafia.com
My pid is Inigo Montoya. You kill -9 my parent process. Prepare to vi.