[ hope you don't mind me cc'ing the list, but I think I didn't detail an important point. ]
On Mon, 25 Jan 1999, Vincent Murphy wrote: > i would favour another field in the .deb package format which contains a > signature, which can be used by apt or whatever to verify that it is > genuine. however, i understand that modifying the package format isn't a > viable solution where backward-compatability is a priority. Ok, there could be a package by package basis. I was going for the simpler pgp signature of the entire Packages file itself. Since the packages file contains md5sums, there is a decent check on package by package basis already in apt. Thanks for seeing this, Brandon +--- ---+ | Brandon Mitchell * [EMAIL PROTECTED] * http://bhmit1.home.ml.org/ | | The above is a completely random sequence of bits, any relation to | | an actual message is purely accidental. |