ubuntu-appstore-developers team mailing list archive

Thread
Date

Re: Signed Click packages

To: ubuntu-appstore-developers@xxxxxxxxxxxxxxxxxxx
From: Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>
Date: Thu, 08 Aug 2013 08:21:20 -0400
In-reply-to: <52038A0D.9080503@canonical.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130803 Thunderbird/17.0.8

On 13-08-08 08:07 AM, Marc Deslauriers wrote:
> On 13-08-08 07:58 AM, Colin Watson wrote:
>> On Thu, Aug 08, 2013 at 07:54:08AM -0400, Marc Deslauriers wrote:
>>> On 13-08-08 07:01 AM, Colin Watson wrote:
>>>> I won't write new crypto logic if I can possibly help it, so this is a
>>>> big win even if the policy format isn't necessarily quite what I would
>>>> have chosen.  I'll probably add some new commands to click to do signing
>>>> and verification, but they'll just pass through to external commands.
>>>
>>> dpkg-sig only seems to handle SHA1 and MD5 though, which is unacceptable. We
>>> need to change it to something better, like SHA512.
>>
>> I didn't mention dpkg-sig, which seems to be an entirely different
>> system from debsigs / debsig-verify.
> 
> Oh, wow, that's confusing. Sorry, I'll look into that.
> 

debsigs is quite nice, and perfect for developer signatures.

Marc.

References

Signed Click packages
From: Colin Watson, 2013-08-08
Re: Signed Click packages
From: Marc Deslauriers, 2013-08-08
Re: Signed Click packages
From: Colin Watson, 2013-08-08
Re: Signed Click packages
From: Marc Deslauriers, 2013-08-08