[prev in list] [next in list] [prev in thread] [next in thread] 

List:       debian-devel
Subject:    Package verification
From:       David Findlay <david_j_findlay () yahoo ! com ! au>
Date:       2002-02-13 10:33:42
[Download RAW message or body]

I'm working(among other things) on a way download packages(binary or source) 
from a P2P network such as giFT openft. This isn't a good idea if you can't 
verify that the package you are getting was actually created by the 
maintainer of the package, or someone authorised to do NMUs. Is there 
currently a good way to do it, and when will it be used? I was told by 
someone that debsign-verify isn't a good thing. I'm not convinced the md5sums 
are good enough. Thanks,

David


-- 
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

[prev in list] [next in list] [prev in thread] [next in thread]