[buug] Gentoo, Bluecurve and Linux too!
Rick Moen
rick at linuxmafia.com
Fri Oct 18 17:32:29 PDT 2002
Quoting Ian Zimmerman (itz at speakeasy.org):
> Debian has something similar, although not all packages support it.
> ls /var/lib/dpkg/info/*.md5sums
It's a more-complex issue than most people would have you believe.
The tools exist. The signing mostly exists. The threat model is such
that _meaningful_ verification is non-trivial.
http://linuxmafia.com/~rick/linux-info/debian-package-signing
--
"Is it not the beauty of an asynchronous form of discussion that one can go and
make cups of tea, floss the cat, fluff the geraniums, open the kitchen window
and scream out it with operatic force, volume, and decorum, and then return to
the vexed glowing letters calmer of mind and soul?" -- The Cube, forum3000.org
More information about the buug
mailing list