[ale] deb and rpm

Chris Ricker chris.ricker at genetics.utah.edu
Mon Oct 16 11:34:40 EDT 2000


On Mon, 16 Oct 2000, michael d. ivey wrote:

> On Mon, Oct 16, 2000 at 10:46:17AM -0400, Yu, Jerry wrote:
> > just curious, what prevent deb to use the blessing of GnuPG?
> 
> Really it's a Debian policy issue.  Package signing will be done at a
> higher level than the package level.

Some place on the Debian site they have a nice explanation of why package
signing, at least at the Red Hat level, would be worthless for Debian,
though I can't find it now.

Basically, though, it's a difference in how the two are developed.  Red Hat
packages come from one place and can be signed with one key.  Debian
packages are prepared by 500+ people independently creating them all over
the globe.

> Actually, IIRC, rpm files don't support PGP either...the rpm _tool_ can
> handle signed packages.  Eventually, apt/dselect will have signed package
> support, too.

Not sure what you mean.  The signature is built into the file with
rpm.  The file format *does* support GPG / PGP.

later,
chris

-- 
Chris Ricker                                               kaboom at gatech.edu
                                              chris.ricker at genetics.utah.edu

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.





More information about the Ale mailing list