[prev in list] [next in list] [prev in thread] [next in thread]
List: debian-devel
Subject: Package verification
From: David Findlay <david_j_findlay () yahoo ! com ! au>
Date: 2002-02-13 10:33:42
[Download RAW message or body]
I'm working(among other things) on a way download packages(binary or source)
from a P2P network such as giFT openft. This isn't a good idea if you can't
verify that the package you are getting was actually created by the
maintainer of the package, or someone authorised to do NMUs. Is there
currently a good way to do it, and when will it be used? I was told by
someone that debsign-verify isn't a good thing. I'm not convinced the md5sums
are good enough. Thanks,
David
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic