Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Looking for "Package Verification with dpkg: Implementation" Document
33 views
Skip to first unread message
Cédric Van Rompay
Mar 7, 2023, 6:40:06 AM3/7/23
to
Hi,
I was looking at [the debsig-verify project](https://salsa.debian.org/dpkg-team/debsig-verify) and I cannot find which document is refered to in this part of the man pages:
> This program implements the verification specs defined in the document, "Package Verification with dpkg: Implementation", which is a more complete reference for the verification procedure.
>
> source: https://salsa.debian.org/dpkg-team/debsig-verify/-/blob/2ce143bb7a65fff3f5e837e788f621659cb67152/doc/debsig-verify.1.in#L27
I found [this document about signatures in debian packages][2] but it doesn't give many details about signature verification.
Any idea which document is this refering to?
Also, I tried creating an account at https://salsa.debian.org to create an issue on the project, but I got a HTTP 500 error during the process.
[2]: https://www.debian.org/doc/manuals/securing-debian-manual/deb-pack-sign.en.html
--
I was looking at [the debsig-verify project](https://salsa.debian.org/dpkg-team/debsig-verify) and I cannot find which document is refered to in this part of the man pages:
> This program implements the verification specs defined in the document, "Package Verification with dpkg: Implementation", which is a more complete reference for the verification procedure.
>
> source: https://salsa.debian.org/dpkg-team/debsig-verify/-/blob/2ce143bb7a65fff3f5e837e788f621659cb67152/doc/debsig-verify.1.in#L27
I found [this document about signatures in debian packages][2] but it doesn't give many details about signature verification.
Any idea which document is this refering to?
Also, I tried creating an account at https://salsa.debian.org to create an issue on the project, but I got a HTTP 500 error during the process.
[2]: https://www.debian.org/doc/manuals/securing-debian-manual/deb-pack-sign.en.html
Cédric Van Rompay (Confluence Profile)
Leader of the Software Integrity and Trust team
Datadog Paris Office.
Max Nikulin
Mar 7, 2023, 9:20:06 AM3/7/23
to
On 07/03/2023 18:19, Cédric Van Rompay wrote:
> > This program implements the verification specs defined in the
> document, "Package Verification with dpkg: Implementation", which is a
> more complete reference for the verification procedure.
...
> > This program implements the verification specs defined in the
> document, "Package Verification with dpkg: Implementation", which is a
> more complete reference for the verification procedure.
> Any idea which document is this refering to?
From search engine results:
http://quux.org:70/devel/debian/debsigs.txt
> Package Verification with dpkg: Implementation
>
> John Goerzen <jgoe...@progeny.com>
>
>
> Version 5; January 4, 2001
David Wright
Mar 7, 2023, 9:50:05 AM3/7/23
to
On Tue 07 Mar 2023 at 12:19:21 (+0100), Cédric Van Rompay wrote:
>
> I was looking at [the debsig-verify project](
> https://salsa.debian.org/dpkg-team/debsig-verify) and I cannot find which
> document is refered to in this part of the man pages:
>
> > This program implements the verification specs defined in the document,
> "Package Verification with dpkg: Implementation", which is a more complete
> reference for the verification procedure.
> >
> > source:
> https://salsa.debian.org/dpkg-team/debsig-verify/-/blob/2ce143bb7a65fff3f5e837e788f621659cb67152/doc/debsig-verify.1.in#L27
>
> I found [this document about signatures in debian packages][2] but it
> doesn't give many details about signature verification.
>
> Any idea which document is this refering to?
>
> Also, I tried creating an account at https://salsa.debian.org to create an
> issue on the project, but I got a HTTP 500 error during the process.
>
> [2]:
> https://www.debian.org/doc/manuals/securing-debian-manual/deb-pack-sign.en.html
You might consider installing debsigs, which contains this document
>
> I was looking at [the debsig-verify project](
> https://salsa.debian.org/dpkg-team/debsig-verify) and I cannot find which
> document is refered to in this part of the man pages:
>
> > This program implements the verification specs defined in the document,
> "Package Verification with dpkg: Implementation", which is a more complete
> reference for the verification procedure.
> >
> > source:
> https://salsa.debian.org/dpkg-team/debsig-verify/-/blob/2ce143bb7a65fff3f5e837e788f621659cb67152/doc/debsig-verify.1.in#L27
>
> I found [this document about signatures in debian packages][2] but it
> doesn't give many details about signature verification.
>
> Any idea which document is this refering to?
>
> Also, I tried creating an account at https://salsa.debian.org to create an
> issue on the project, but I got a HTTP 500 error during the process.
>
> [2]:
> https://www.debian.org/doc/manuals/securing-debian-manual/deb-pack-sign.en.html
at /usr/share/doc/debsigs/debsigs.txt.gz, and dpkg-sig, which AIUI
presents an implementation example.
Cheers,
David.
0 new messages