← Back to team overview

ubuntu-appstore-developers team mailing list archive

Re: Signed Click packages

 

On 13-08-08 08:07 AM, Marc Deslauriers wrote:
> On 13-08-08 07:58 AM, Colin Watson wrote:
>> On Thu, Aug 08, 2013 at 07:54:08AM -0400, Marc Deslauriers wrote:
>>> On 13-08-08 07:01 AM, Colin Watson wrote:
>>>> I won't write new crypto logic if I can possibly help it, so this is a
>>>> big win even if the policy format isn't necessarily quite what I would
>>>> have chosen.  I'll probably add some new commands to click to do signing
>>>> and verification, but they'll just pass through to external commands.
>>>
>>> dpkg-sig only seems to handle SHA1 and MD5 though, which is unacceptable. We
>>> need to change it to something better, like SHA512.
>>
>> I didn't mention dpkg-sig, which seems to be an entirely different
>> system from debsigs / debsig-verify.
> 
> Oh, wow, that's confusing. Sorry, I'll look into that.
> 

debsigs is quite nice, and perfect for developer signatures.

Marc.




References