up2date for testing (with apt/yum/dir repo support)

Panu Matilainen pmatilai at welho.com
Sun Aug 17 10:13:45 UTC 2003


On Sun, 2003-08-17 at 04:09, Chris Kloiber wrote:

> 
> A few little problems I noted, first was that the file sizes of any
> packages from an apt or yum repo are listed as '0', which made me
> hesitate to install from them until I verified I was getting real files.
> Second, it might be nice to have up2date offer to download the GPG-KEY
> from those apt and yum repos that support GPG, of course that might
> require mods to apt and yum first, or you could assume the GPG key to be
> at the same location as the repository. 

Note that apt itself doesn't understand about signed *packages*, that's
achieved with scripts (lua in Fedora's apt, others can be used as well).
Apt does however have notion of signed *repositories*, meaning the
package lists can be GPG-signed and verified from the release file in
the repo against GPG-fingerprints found in /etc/apt/vendors.list.

	- Panu -





More information about the devel mailing list