XPost: linux.debian.maint.dpkg 
 From: jjackson@coplanar.net 
  
 Hi, 
  
 This may be only tangentially related, so apologies in advance. 
  
 On Mon, Sep 01, 2025 at 01:23:30PM +0200, Guillem Jover wrote: 
 >  * Make the format extensible to other signature formats or workflows 
 >    (such as x509, secure-boot, IMA, etc., even if there's currently no 
 >    intention to add support for any of this). 
  
 There is a workflow I am interested in, which is system integrity 
 verification run from a known-good rescue environment.  Your mention of 
 secure-boot reminded me of this.  This environment could be booted from 
 a USB stick for example. 
  
 The debsums utility can use md5sum files external to the potentially 
 compromised system being investigated to verify files.  The md5sum files 
 can be obtained by downloading .deb packages over https. 
  
 -can debsigs be extended to cover the md5sum files on the system being 
 investigated 
  
 -can .md5sum files be served separately from packages and individually 
 like debuginfod files 
  
 -can Contents files be extended to provide md5 (or sha2) checksums 
  
 If there is a discussion of these topics elsewhere please let me know. 
  
 Thanks, 
 Jeremy 
  
 --- SoupGate-Win32 v1.05 
  * Origin: you cannot sedate... all the things you hate (1:229/2)