Re: [Sks-devel] Secure packaging

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Secure packaging

From:	Peter Palfrader
Subject:	Re: [Sks-devel] Secure packaging
Date:	Fri, 5 Dec 2003 19:06:52 +0100
User-agent:	Mutt/1.5.4i

On Fri, 05 Dec 2003, Yaron M. Minsky wrote:

> In light of the savannah break-in, and general caution, it seems like
> some kind of package-signing might be in order.   Peter Palfrader is
> brought this issue up to me, and it seems like a good idea.  Do people
> have any thoughts on the best way to distribute signed distributions? 
> How do people normally go about it?

Distribute a detached signature alongside the tarball.

sks-n.n.n.tar.gz
sks-n.n.n.tar.gz.asc

create said detached sig with 'gpg --armor --detach-sign sks-n.n.n.tar.gz'

For bonus points make sure the signing key is connected to the web of
trust.
Peter
-- 
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/

signature.asc
Description: Digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Sks-devel] Secure packaging, Yaron M. Minsky, 2003/12/05
- Re: [Sks-devel] Secure packaging, David Shaw, 2003/12/05
- Re: [Sks-devel] Secure packaging, Peter Palfrader <=
  - Re: [Sks-devel] Secure packaging, Dan Egli, 2003/12/05
    - Re: [Sks-devel] Secure packaging, Peter Palfrader, 2003/12/05
    - Re: [Sks-devel] Secure packaging, David Shaw, 2003/12/05
    - Re: [Sks-devel] Secure packaging, Thomas Sjögren, 2003/12/05

Prev by Date: Re: [Sks-devel] Secure packaging
Next by Date: Re: [Sks-devel] Secure packaging
Previous by thread: Re: [Sks-devel] Secure packaging
Next by thread: Re: [Sks-devel] Secure packaging
Index(es):
- Date
- Thread