Re: Trying to understand how checksums and signatures work

On Mon, Dec 17, 2007 at 06:29:20AM +0100, Gilles Pelletier wrote: > I had a bad experience while trying to install guarddog on Knoppix > (installed)this weekend. Synaptic apparently did a full update before > installing guarddog, [...] > > Is there a Linux distro that won't let you continue when

Re: Trying to understand how checksums and signatures work

Gilles Pelletier: > > I found out the MD5SUMs are in the package itself but where are the > signatures? I suppose they're in the file that is updated when you do an > update. But where is this file? It's the Release file which is signed (detached signature in Release.gpg). Release contains md5su

Re: Trying to understand how checksums and signatures work

On Monday 17 December 2007 18:29:20 Gilles Pelletier wrote: > I found out the MD5SUMs are in the package itself but where are the > signatures? I suppose they're in the file that is updated when you do an > update. But where is this file? The foo_0.2_arch.changes file for each upload can be signed

Re: Trying to understand how checksums and signatures work

Gilles Pelletier wrote: > I found out the MD5SUMs are in the package itself but where are the > signatures? I suppose they're in the file that is updated when you do an > update. But where is this file? > > Why are every file in the package md5summed ? Wouldn't a sum on the > whole package be enou

Trying to understand how checksums and signatures work

I found out the MD5SUMs are in the package itself but where are the signatures? I suppose they're in the file that is updated when you do an update. But where is this file? Why are every file in the package md5summed ? Wouldn't a sum on the whole package be enough? I had a bad experience whi