On Fri, Jul 11, 2003 at 05:47:10PM +0200, J?rgen A.Erhard wrote: > I'm releasing these things now... have them in development and use for > a couple weeks/months now. > > A Python module for doing debsigs-type package signatures and > verification thereof. Uses and included module for GnuPG file > signatures and verification.
Also, I think using any scripted tool to do the verification is asking for security holes. It pulls in too many variables on which verification needs to depend. The debsigs-verify tool does the verification and xml parsing all in one C program. What did you find wrong with the current tools already available and documented? The only thing they need is policy to get them going. Dpkg can already call debsig-verify to validate a package. It just needs to be turned on. -- Debian - http://www.debian.org/ Linux 1394 - http://www.linux1394.org/ Subversion - http://subversion.tigris.org/ Deqo - http://www.deqo.com/