Signing packages (was: Re: lug-bg: )
- Subject: Signing packages (was: Re: lug-bg: )
- From: danchev@email.domain.hidden (George Danchev)
- Date: Sun, 27 Apr 2003 12:28:16 +0300
On 26 04 2003 22:02, raptor wrote:
> http://www.gentoo.org/news/en/gwn/20030421-newsletter.xml
> Portage security features detailed
>
> As reported previously, Portage will be getting some new security features
> as one of the last improvements to the 2.0 branch. Recently, a message was
> posted to the gentoo-security mailing list that offers some more details
> about the upcoming features. Overall, the system relies heavily on the
> web-of-trust model put forth by GnuPG. Users wishing to become more
> familiar with the security concepts behind the new Portage model should
> start by reading the GNU Privacy Handbook
;-) Buddy, this will be new for Gentoo, but not for the others, in one respect
or another. In Debian things are a bit further along; there has long been a
dedicated keyring for maintainers, and if you don't have a key you can't be
one - after all, the point is for many maintainers to sign and for all users
to check afterwards, having an updated keyring locally. The limitation in
Debian at the moment is that only Debian source packages have signatures;
there is a .dsc file containing the md5 sums of the included files and the
maintainer's signature. What remains is to sign the Debian binary packages
(.deb's) as well - there is debsign/debsigs for that purpose - and then to
have this used automatically by the package management utils - for example
the still-unofficial apt-check-sigs, which will apparently be called from
apt-get before the install to check whether the signature is valid and, if it
is not, whether to install the package or not - on user decision. Signing
deb's will apparently be officially ready for the next stable, Sarge. Until
now the reliance has been on the fact that, once the maintainer has signed the
Debian source package and uploaded it to be built on the Debian build machines
for the various architectures (buildd.debian.org), the Debian binary packages
produced from it are (sufficiently) trusted, i.e. that no substitution of
sources or md5sums and no fraudulent re-signing will happen anywhere along the
route - from the maintainer to the user.
http://zadnik.org/debian-book/src/htmlsplit/node57.html
http://www.cryptnet.net/fdp/crypto/strong_distro.html
The rpm program and the .rpm format are furthest ahead in this respect - both
srpm's and rpm's are signed and then verified (auto).
--
pub 4096R/0E4BD0AB 2003-03-18 (no comments) <danchev_at_spnet.net>
1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB <keyserver.bu.edu>
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
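The .dsc check described in the message above (md5 sums of the included files under the maintainer's signature), as an added example that is not part of the original post and not Debian's own tooling. It assumes the OpenPGP signature on the .dsc has already been verified against the maintainers' keyring; the function names and sample package are hypothetical and the sample .dsc is constructed.

```python
import hashlib, os, pathlib, tempfile

def signed_body(dsc_text):
    """Return only the lines inside the clearsigned region of a .dsc."""
    lines = dsc_text.splitlines()
    start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
    end = lines.index("-----BEGIN PGP SIGNATURE-----")
    return lines[lines.index("", start) + 1:end]  # skip armor headers, drop unsigned text

def parse_files(body):
    """Parse the multi-line 'Files:' field into {name: (md5hex, size)}."""
    entries, in_files = {}, False
    for line in body:
        if line.startswith("Files:"):
            in_files = True
        elif in_files and line.startswith(" "):
            md5hex, size, name = line.split()
            if os.path.basename(name) != name:  # refuse names that leave the directory
                raise ValueError("path component in file name: " + name)
            entries[name] = (md5hex.lower(), int(size))
        else:
            in_files = False
    return entries

def check(path, md5hex, size):
    if not os.path.isfile(path):
        return "missing"
    data = pathlib.Path(path).read_bytes()
    if len(data) != size:
        return "size mismatch"
    return "ok" if hashlib.md5(data).hexdigest() == md5hex else "md5 mismatch"

def verify(dsc_text, directory):
    """Check every file listed in the signed Files field; return {name: status}."""
    files = parse_files(signed_body(dsc_text))
    return {n: check(os.path.join(directory, n), m, s) for n, (m, s) in files.items()}

def demo():
    """Constructed sample: the .orig is intact, the .diff was altered after listing."""
    orig, diff = b"upstream tarball bytes", b"debian diff bytes"
    entry = lambda data, name: " %s %d %s" % (hashlib.md5(data).hexdigest(), len(data), name)
    dsc = "\n".join([
        "-----BEGIN PGP SIGNED MESSAGE-----", "Hash: SHA1", "", "Source: hello", "Files:",
        entry(orig, "hello_1.0.orig.tar.gz"), entry(diff, "hello_1.0-1.diff.gz"),
        "-----BEGIN PGP SIGNATURE-----", "(constructed placeholder, not a signature)",
        "-----END PGP SIGNATURE-----", "Files:", entry(b"x", "unsigned_extra.tar.gz")])
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("hello_1.0.orig.tar.gz", orig), ("hello_1.0-1.diff.gz", b"debian diff bytez")):
            pathlib.Path(d, name).write_bytes(data)
        return verify(dsc, d)
```

The entry placed after the signature block is ignored because it lies outside the signed text, and the checksum results mean nothing unless the signature itself was verified first.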