[aklug] Re: DebSig Policies: was: Re: doing a apt-get reinstall everything on debian?

From: Christopher Howard <christopher.howard@frigidcode.com>
Date: Fri Jan 20 2012 - 12:05:19 AKST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/20/2012 08:45 AM, R Denison wrote:

>
> And after your system is back up / operational, I highly recommend
> installing "debsums" - it will validate files installed from
> packages against the MD5 checksums for your installed packages.
>

Hey Denison, I want to be able to verify packages on my Ubuntu server,
but haven't got it to work yet. Here is a post that I have made at
several Linux and Ubuntu forums (and have received no replies):

[START POST]
Hi. I recently took over management of a small Ubuntu-based e-mail
server. I tend to be at least somewhat security-conscious, so I wanted
to figure out how the package verification system works in
Debian/Ubuntu. (I.e., how I know my packages come from trusted sources
and have not been modified.) Through a more generic Linux forum I
learned about debsig-verify. However, when I run it on a deb, I get
this error:

Code:

debsig: Origin Signature check failed. This deb might not be signed.

I read up in DEBSIG-VERIFY(1) that there are supposed to be policy
sub-directories in /etc/debsig/policies, along with related keyrings,
but there are none. How do I install these policies, or where do I
download them?
[END POST]

Do you have any information for me?

- --
frigidcode.com
theologia.indicium.us
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPGdcPAAoJEI2DxlFxTtgd4+gIALwWGvyCQqhuVk5OmBB9MARe
GMqztfBAcAt8mJ6yzdDlB0OXe9K5kKNUytSxok5jXUXUesKcfQswT6+z9w9fdRZF
2YJp13s9ta/YKKSYaigDSaV0NgzBzjpBzn6uC31wXVy12gdKT+41vbx37wzCb5Ab
JtMzRlhNk1iunKmFYeOfQmmHhpq3N6aPBnc6o6ltxnfHAcYf+MOdriXfayR/7+Wb
KTjLnyr8ZZSON2bYfs1tvu2Yu7DZG8LZpTlTLn/zZxwOxS/IQuZHWoJJGnn5QZA0
+lGf6094VGbE3uYd5GyHYBhnWTbu7+T0d6TbB5MCWTgPkvdXlh3LarPjGLgF7QE=
=BAwO
-----END PGP SIGNATURE-----
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Fri Jan 20 12:02:49 2012

This archive was generated by hypermail 2.1.8 : Fri Jan 20 2012 - 12:02:49 AKST