vsftpd in the news
Miloslav Trmač
mitr at volny.cz
Tue Jul 5 20:56:30 UTC 2011
On Tue, Jul 5, 2011 at 7:43 PM, Benjamin Lewis <ben.lewis at benl.co.uk> wrote:
> On 07/05/2011 05:15 PM, Adam Williamson wrote:
>>
>> I didn't see any suggestion that packages be *required* to have a
>> signature, only that we somehow run an automated check on one if there
>> is one.
>>
>> Rather than making specific Source numbers special case, why not just go
>> on naming? The convention for signatures is to add an extension to the
>> name of the tarball the signature is for; that shouldn't be too hard to
>> implement, I don't think.
>
> Surely the automated testing tool would need a way of being fed
> known-trusted public keys in advance as well?
Unless my memory is failing me, we already had a mechanism for this
(specifying the trusted keys and verifying signatures) in the CVS
package repository (in Makefile.common). Perhaps most of that could
be reused.
Mirek
More information about the devel
mailing list