[ale] deb and rpm
Chris Ricker
chris.ricker at genetics.utah.edu
Mon Oct 16 11:34:40 EDT 2000
On Mon, 16 Oct 2000, michael d. ivey wrote:
> On Mon, Oct 16, 2000 at 10:46:17AM -0400, Yu, Jerry wrote:
> > just curious, what prevent deb to use the blessing of GnuPG?
>
> Really it's a Debian policy issue. Package signing will be done at a
> higher level than the package level.
Some place on the Debian site they have a nice explanation of why package
signing, at least at the Red Hat level, would be worthless for Debian,
though I can't find it now.
Basically, though, it's a difference in how the two are developed. Red Hat
packages come from one place and can be signed with one key. Debian
packages are prepared by 500+ people independently creating them all over
the globe.
> Actually, IIRC, rpm files don't support PGP either...the rpm _tool_ can
> handle signed packages. Eventually, apt/dselect will have signed package
> support, too.
Not sure what you mean. The signature is built into the file with
rpm. The file format *does* support GPG / PGP.
later,
chris
--
Chris Ricker kaboom at gatech.edu
chris.ricker at genetics.utah.edu
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list