[lsb-discuss] Signing packages

Till Kamppeter till.kamppeter at gmail.com
Tue Jun 30 11:55:16 PDT 2009

Is this also the way how our LSB packages get signed? How do they 
exactly get signed? Which key do we need to give to the distros then?


Dan Lopez wrote:
> You will want to start with some sort of md5() digest of the file 
> (metadata or whatever) + server IP + file that is located on the box 
> outside of docroot that has a secret password (your choice of 
> characters+length).
> That should do it
> --
> Dan Lopez
> Web Development Manager
> The Linux Foundation
> 1796 18th Street, Suite C
> San Francisco, CA 94107
> +1 703.926.4840
> skype: danlopez00
> gtalk: danlopez00 at gmail.com <mailto:danlopez00 at gmail.com>
> twitter: dan_lopez
> On Mon, Jun 29, 2009 at 1:13 PM, Kevin Seitz <kseitz10 at gmail.com 
> <mailto:kseitz10 at gmail.com>> wrote:
>     Dan & David:
>     The next thing I need to work on is making sure packages are signed so
>     the repositories know the packages truly came from us and not someone
>     else.  I was directed towards you guys (and "the LSB people") by Till
>     to learn the requirements of making such a process work properly.
>     When you have some moments to spare, please reply and let me know so I
>     can get working on this.
>     Thanks,
>     Kevin Seitz.

More information about the lsb-discuss mailing list