2000 %!PS-Adobe-2.0 %%Creator: dvips(k) 5.86d Copyright 1999 Radical Eye Software %%Title: debsigs.dvi %%Pages: 5 %%PageOrder: Ascend %%BoundingBox: 0 0 612 792 %%EndComments %DVIPSWebPage: (www.radicaleye.com) %DVIPSCommandLine: dvips -t letter -o %+ /scratch/jgoerzen/cvs/debsigs-0.1/debsigs.ps debsigs.dvi %DVIPSParameters: dpi=600, compressed %DVIPSSource: TeX output 2001.01.19:1300 %%BeginProcSet: texc.pro %! /TeXDict 300 dict def TeXDict begin/N{def}def/B{bind def}N/S{exch}N/X{S N}B/A{dup}B/TR{translate}N/isls false N/vsize 11 72 mul N/hsize 8.5 72 mul N/landplus90{false}def/@rigin{isls{[0 landplus90{1 -1}{-1 1}ifelse 0 0 0]concat}if 72 Resolution div 72 VResolution div neg scale isls{ landplus90{VResolution 72 div vsize mul 0 exch}{Resolution -72 div hsize mul 0}ifelse TR}if Resolution VResolution vsize -72 div 1 add mul TR[ matrix currentmatrix{A A round sub abs 0.00001 lt{round}if}forall round exch round exch]setmatrix}N/@landscape{/isls true N}B/@manualfeed{ statusdict/manualfeed true put}B/@copies{/#copies X}B/FMat[1 0 0 -1 0 0] N/FBB[0 0 0 0]N/nn 0 N/IEn 0 N/ctr 0 N/df-tail{/nn 8 dict N nn begin /FontType 3 N/FontMatrix fntrx N/FontBBox FBB N string/base X array /BitMaps X/BuildChar{CharBuilder}N/Encoding IEn N end A{/foo setfont}2 array copy cvx N load 0 nn put/ctr 0 N[}B/sf 0 N/df{/sf 1 N/fntrx FMat N df-tail}B/dfs{div/sf X/fntrx[sf 0 0 sf neg 0 0]N df-tail}B/E{pop nn A definefont setfont}B/Cw{Cd A length 5 sub get}B/Ch{Cd A length 4 sub get }B/Cx{128 Cd A length 3 sub get sub}B/Cy{Cd A length 2 sub get 127 sub} B/Cdx{Cd A length 1 sub get}B/Ci{Cd A type/stringtype ne{ctr get/ctr ctr 1 add N}if}B/id 0 N/rw 0 N/rc 0 N/gp 0 N/cp 0 N/G 0 N/CharBuilder{save 3 1 roll S A/base get 2 index get S/BitMaps get S get/Cd X pop/ctr 0 N Cdx 0 Cx Cy Ch sub Cx Cw add Cy setcachedevice Cw Ch true[1 0 0 -1 -.1 Cx sub Cy .1 sub]/id Ci N/rw Cw 7 add 8 idiv string N/rc 0 N/gp 0 N/cp 0 N{ rc 0 ne{rc 1 sub/rc X rw}{G}ifelse}imagemask restore}B/G{{id gp get/gp gp 1 add N A 18 mod S 18 idiv pl S get exec}loop}B/adv{cp add/cp X}B /chg{rw cp id gp 4 index getinterval putinterval A gp add/gp X adv}B/nd{ /cp 0 N rw exit}B/lsh{rw cp 2 copy get A 0 eq{pop 1}{A 255 eq{pop 254}{ A A add 255 and S 1 and or}ifelse}ifelse put 1 adv}B/rsh{rw cp 2 copy get A 0 eq{pop 128}{A 255 eq{pop 127}{A 2 idiv S 128 and or}ifelse} ifelse put 1 adv}B/clr{rw cp 2 index string putinterval adv}B/set{rw cp fillstr 0 4 index getinterval putinterval adv}B/fillstr 18 string 0 1 17 {2 copy 255 put pop}for N/pl[{adv 1 chg}{adv 1 chg nd}{1 add chg}{1 add chg nd}{adv lsh}{adv lsh nd}{adv rsh}{adv rsh nd}{1 add adv}{/rc X nd}{ 1 add set}{1 add clr}{adv 2 chg}{adv 2 chg nd}{pop nd}]A{bind pop} forall N/D{/cc X A type/stringtype ne{]}if nn/base get cc ctr put nn /BitMaps get S ctr S sf 1 ne{A A length 1 sub A 2 index S get sf div put }if put/ctr ctr 1 add N}B/I{cc 1 add D}B/bop{userdict/bop-hook known{ bop-hook}if/SI save N @rigin 0 0 moveto/V matrix currentmatrix A 1 get A mul exch 0 get A mul add .99 lt{/QV}{/RV}ifelse load def pop pop}N/eop{ SI restore userdict/eop-hook known{eop-hook}if showpage}N/@start{ userdict/start-hook known{start-hook}if pop/VResolution X/Resolution X 1000 div/DVImag X/IEn 256 array N 2 string 0 1 255{IEn S A 360 add 36 4 index cvrs cvn put}for pop 65781.76 div/vsize X 65781.76 div/hsize X}N /p{show}N/RMat[1 0 0 -1 0 0]N/BDot 260 string N/Rx 0 N/Ry 0 N/V{}B/RV/v{ /Ry X/Rx X V}B statusdict begin/product where{pop false[(Display)(NeXT) (LaserWriter 16/600)]{A length product length le{A length product exch 0 exch getinterval eq{pop true exit}if}{pop}ifelse}forall}{false}ifelse end{{gsave TR -.1 .1 TR 1 1 scale Rx Ry false RMat{BDot}imagemask grestore}}{{gsave TR -.1 .1 TR Rx Ry scale 1 1 false RMat{BDot} imagemask grestore}}ifelse B/QV{gsave newpath transform round exch round exch itransform moveto Rx 0 rlineto 0 Ry neg rlineto Rx neg 0 rlineto fill grestore}B/a{moveto}B/delta 0 N/tail{A/delta X 0 rmoveto}B/M{S p delta add tail}B/b{S p tail}B/c{-4 M}B/d{-3 M}B/e{-2 M}B/f{-1 M}B/g{0 M} B/h{1 M}B/i{2 M}B/j{3 M}B/k{4 M}B/w{0 rmoveto}B/l{p -4 w}B/m{p -3 w}B/n{ p -2 w}B/o{p -1 w}B/q{p 1 w}B/r{p 2 w}B/s{p 3 w}B/t{p 4 w}B/x{0 S rmoveto}B/y{3 2 roll p a}B/bos{/SS save N}B/eos{SS restore}B end %%EndProcSet TeXDict begin 40258431 52099146 1000 600 600 (debsigs.dvi) @start %DVIPSBitmapFont: Fa ecti1000 10 34 /Fa 34 122 df<387FFFF8A2B5FCA214F0150579941E>45 D<0103B612FEEFFFC018F090 3B0007F8000FF84BEB03FCEF00FE020F157FF03F804B141F19C0021F150F19E05D180714 3F19F05DA2147FA292C8FCA25C180F5CA2130119E04A151FA2130319C04A153FA2010717 80187F4A1600A2010F16FEA24A4A5A60011F15034D5A4A5D4D5A013F4B5A173F4A4AC7FC 17FC017FEC03F84C5A91C7EA1FC04949B45A007F90B548C8FCB712F016803C397CB83F> 68 D<0107B712FEA3903A000FF000074B1300187C021F153CA25DA2143FA25D1838147F A292C8FCEE03804A130718004A91C7FCA201015CA24A131E163E010314FE91B5FC5EA290 3807F800167C4A1378A2130FA24A1370A2011F14F0A24A90C8FCA2133FA25CA2137FA291 CAFCA25BA25B487EB6FCA337397BB836>70 DI<0103B5D8F80FB512E0A390260007F8 C7381FE0004B5DA2020F153F615DA2021F157F96C7FC5DA2023F5D605DA2027F14016092 C7FCA24A1403605CA249B7FC60A202FCC712070103150F605CA20107151F605CA2010F15 3F605CA2011F157F95C8FC5CA2013F5D5F5CA2017F14015F91C7FC491403007FD9FE01B5 12F8B55BA243397CB83E>I<0103B512F8A390390007F8005DA2140FA25DA2141FA25DA2 143FA25DA2147FA292C7FCA25CA25CA21301A25CA21303A25CA21307A25CA2130FA25CA2 131FA25CA2133FA25CA2137FA291C8FC497EB6FCA25C25397CB820>I<902607FFF89238 07FFF0614F13E0D9000FEFF0004F5AA2021F167FF1EFC0141DDA1CFCEC01CF023C16DF95 38039F800238ED071FA20278ED0E3F97C7FC0270151CA202F04B5AF0707E14E0037E14E0 010117FE4D485A02C0EC0380A20103ED0701610280140EA20107ED1C0305385B14006F13 7049160705E05B010EEC01C0A2011E913803800F61011CEC0700A2013C020E131F4C5C13 38ED1FB80178163F04F091C8FC01705CA201F04A5B187E00015DD807F816FEB500C09039 007FFFFC151E150E4C397AB84A>77 D<902603FFF891B512E0A281D90007923807F8006F 6E5A61020F5E81DA0E7F5DA2021E6D1307033F92C7FC141C82DA3C1F5C70130EEC380FA2 02786D131E0307141C147082DAF003143C70133814E0150101016E1378030014705C8201 036E13F0604A1480163F010715C1041F5B91C7FC17E149EC0FE360010E15F31607011E15 FF95C8FC011C80A2013C805F1338160013785F01F8157CEA03FC267FFFE0143CB51538A2 43397CB83E>II<0107B612F817FF1880903B000FF0003FE04BEB0FF0EF03F8141FEF01FC5DA2 023F15FEA25DA2147FEF03FC92C7FCA24A15F817074A15F0EF0FE01301EF1FC04AEC3F80 EFFE0001034A5AEE0FF091B612C04CC7FCD907F8C9FCA25CA2130FA25CA2131FA25CA213 3FA25CA2137FA291CAFCA25BA25B1201B512FCA337397BB838>I<92383FC00E913901FF F01C020713FC91391FC07E3C91393F001F7C027CEB0FF84A130749481303495A4948EB01 F0A2495AA2011F15E091C7FCA34915C0A36E90C7FCA2806D7E14FCECFF806D13F015FE6D 6D7E6D14E0010080023F7F14079138007FFC150F15031501A21500A2167C120EA3001E15 FC5EA3003E4A5AA24B5AA2007F4A5A4B5A6D49C7FC6D133ED8F9F013FC39F8FC03F839F0 7FFFE0D8E01F138026C003FCC8FC2F3D7ABA2F>83 D<0007B812E0A25AD9F800EB001F01 C049EB07C0485AD900011403121E001C5C003C17801403123800785C00701607140700F0 1700485CA2140FC792C7FC5DA2141FA25DA2143FA25DA2147FA292C9FCA25CA25CA21301 A25CA21303A25CA21307A25CA2130FA25CEB3FF0007FB512F8B6FCA2333971B83B>I<00 3FB539800FFFFEA326007F80C7EA7F8091C8EA3F00173E49153CA2491538A20001167817 705BA2000316F05F5BA2000715015F5BA2000F15035F5BA2001F150794C7FC5BA2003F5D 160E5BA2007F151E161C90C8FCA2163C4815385A16781670A216F04B5A5E1503007E4A5A 4BC8FC150E6C143E6C6C5B15F0390FC003E03907F01FC00001B5C9FC38007FFCEB1FE037 3B70B83E>I<14F8EB07FE90381F871C90383E03FE137CEBF801120148486C5A485A120F EBC001001F5CA2EA3F801403007F5C1300A21407485C5AA2140F5D48EC 2000 C1C0A2141F1583 1680143F1587007C017F1300ECFF076C485B9038038F8E391F0F079E3907FE03FC3901F0 00F0222677A42A>97 D<133FEA1FFFA3C67E137EA313FE5BA312015BA312035BA31207EB E0F8EBE7FE9038EF0F80390FFC07C013F89038F003E013E0D81FC013F0A21380A2123F13 00A214075A127EA2140F12FE4814E0A2141F15C05AEC3F80A215005C147E5C387801F800 7C5B383C03E0383E07C0381E1F80D80FFEC7FCEA01F01C3B77B926>I<147F903803FFC0 90380FC1E090381F0070017E13784913383901F801F83803F003120713E0120FD81FC013 F091C7FC485AA2127F90C8FCA35A5AA45AA3153015381578007C14F0007EEB01E0003EEB 03C0EC0F806CEB3E00380F81F83803FFE0C690C7FC1D2677A426>II<147F903803 FFC090380FC1E090383F00F0017E13785B485A485A485A120F4913F8001F14F0383F8001 EC07E0EC1F80397F81FF00EBFFF8148090C8FC5A5AA55AA21530007C14381578007E14F0 003EEB01E0EC03C06CEB0F806CEB3E00380781F83803FFE0C690C7FC1D2677A426>I103 DII107 DIII<147F90 3803FFC090380FC1F090381F00F8017E137C5B4848137E4848133E0007143F5B120F485A A2485A157F127F90C7FCA215FF5A4814FEA2140115FC5AEC03F8A2EC07F015E0140F007C 14C0007EEB1F80003EEB3F00147E6C13F8380F83F03803FFC0C648C7FC202677A42A>I< 9039078007C090391FE03FF090393CF0787C903938F8E03E9038787FC00170497EECFF00 D9F0FE148013E05CEA01E113C15CA2D80003143FA25CA20107147FA24A1400A2010F5C5E 5C4B5A131F5EEC80035E013F495A6E485A5E6E48C7FC017F133EEC70FC90387E3FF0EC0F 8001FEC9FCA25BA21201A25BA21203A25B1207B512C0A3293580A42A>I<3903C003F039 0FF01FFC391E783C0F381C7C703A3C3EE03F8038383FC0EB7F800078150000701300151C D8F07E90C7FCEAE0FE5BA2120012015BA312035BA312075BA3120F5BA3121F5BA3123F90 C9FC120E212679A423>114 D<14FE903807FF8090380F83C090383E00E04913F0017813 7001F813F00001130313F0A215E00003EB01C06DC7FC7FEBFFC06C13F814FE6C7F6D1380 7F010F13C01300143F141F140F123E127E00FE1480A348EB1F0012E06C133E00705B6C5B 381E03E06CB45AD801FEC7FC1C267AA422>II<13F8D803FEEB01C0D8078FEB03E0390E0F8007121E121C0038140F 131F007815C01270013F131F00F0130000E015805BD8007E133FA201FE14005B5D120149 137EA215FE120349EBFC0EA20201131E161C15F813E0163CD9F003133814070001ECF070 91381EF8F03A00F83C78E090393FF03FC090390FC00F00272679A42D>I<01F0130ED803 FC133FD8071EEB7F80EA0E1F121C123C0038143F49131F0070140FA25BD8F07E140000E0 8013FEC6485B150E12015B151E0003141C5BA2153C000714385B5DA35DA24A5A14030003 5C6D48C7FC0001130E3800F83CEB7FF8EB0FC0212679A426>I<01F01507D803FC903903 801F80D8071E903907C03FC0D80E1F130F121C123C0038021F131F49EC800F00701607A2 49133FD8F07E168000E0ED000313FEC64849130718000001147E5B03FE5B0003160E495B A2171E00070101141C01E05B173C1738A217781770020314F05F0003010713016D486C48 5A000190391E7C07802800FC3C3E0FC7FC90393FF81FFE90390FE003F0322679A437>I< 13F0D803FCEB01C0D8071EEB03E0D80E1F1307121C123C0038140F4914C01270A249131F D8F07E148012E013FEC648133F160012015B5D0003147E5BA215FE00075C5BA214015DA3 14035D14070003130FEBF01F3901F87FE038007FF7EB1FC7EB000F5DA2141F003F5C4813 3F92C7FC147E147C007E13FC387001F8EB03E06C485A383C1F80D80FFEC8FCEA03F02336 79A428>121 D E %EndDVIPSBitmapFont %DVIPSBitmapFont: Fb ecbx1000 10 19 /Fb 19 122 df45 D63 D71 D80 D83 D<903801FFC0010F13FC017F13FFD9FF80138026 03FE0013C048485AEA0FF8121F13F0123F6E13804848EB7F00151C92C7FC12FFA9127FA2 7F123FED01E06C7E15036C6CEB07C06C6C14806C6C131FC69038C07E006DB45A010F13F0 0101138023257DA42A>99 D<903803FF80011F13F0017F13FC3901FF83FE3A03FE007F80 4848133F484814C0001FEC1FE05B003FEC0FF0A2485A16F8150712FFA290B6FCA301E0C8 FCA4127FA36C7E1678121F6C6C14F86D14F000071403D801FFEB0FE06C9038C07FC06DB5 1200010F13FC010113E025257DA42C>101 D<161FD907FEEBFFC090387FFFE348B6EAEF E02607FE07138F260FF801131F48486C138F003F15CF4990387FC7C0EEC000007F81A600 3F5DA26D13FF001F5D6C6C4890C7FC3907FE07FE48B512F86D13E0261E07FEC8FC90CAFC A2123E123F7F6C7E90B512F8EDFF8016E06C15F86C816C815A001F81393FC0000F48C813 8048157F5A163FA36C157F6C16006D5C6C6C495AD81FF0EB07FCD807FEEB3FF00001B612 C06C6C91C7FC010713F02B377DA530>103 D<13FFB5FCA412077EAFED7FC0913803FFF8 020F13FE91381F03FFDA3C01138014784A7E4A14C05CA25CA291C7FCB3A3B5D8FC3F13FF A4303A7DB935>II<13FFB5FCA412077EAF92380FFFE0A4923803FC00 16F0ED0FE0ED1F804BC7FC157E5DEC03F8EC07E04A5A141FEC7FE04A7E8181A2ECCFFEEC 0FFF496C7F806E7F6E7F82157F6F7E6F7E82150F82B5D8F83F13F8A42D3A7EB932>107 D<01FEEB7FC000FF903803FFF8020F13FE91381F03FFDA3C011380000713780003497E6D 4814C05CA25CA291C7FCB3A3B5D8FC3F13FFA430257DA435>110 D<903801FFC0010F13F8017F13FFD9FF807F3A03FE003FE048486D7E48486D7E48486D7E A2003F81491303007F81A300FF1680A9007F1600A3003F5D6D1307001F5DA26C6C495A6C 6C495A6C6C495A6C6C6CB45A6C6CB5C7FC011F13FC010113C029257DA430>I<9039FF01 FF80B5000F13F0023F13FC9138FE07FFDAF00113800003496C13C00280EB7FE091C713F0 EE3FF8A2EE1FFCA3EE0FFEAA17FC161FA217F8163F17F06E137F6E14E06EEBFFC0DAF003 13809139FC07FE0091383FFFF8020F13E0020390C7FC91C9F 2000 CACB512FCA42F357EA435> I<9038FE03F000FFEB0FFEEC3FFF91387C7F809138F8FFC000075B6C6C5A5CA29138807F 80ED3F00150C92C7FC91C8FCB3A2B512FEA422257EA427>114 D<90383FF0383903FFFE F8000F13FF381FC00F383F0003007E1301007C130012FC15787E7E6D130013FCEBFFE06C 13FCECFF806C14C06C14F06C14F81203C614FC131F9038007FFE140700F0130114007E15 7E7E157C6C14FC6C14F8EB80019038F007F090B512C000F8140038E01FF81F257DA426> I<130FA55BA45BA25B5BA25A1207001FEBFFE0B6FCA3000390C7FCB21578A815F86CEB80 F014816CEBC3E090383FFFC06D1380903803FE001D357EB425>I<01FFEC3FC0B5EB3FFF A4000714016C80B3A35DA25DA26C5C6E4813E06CD9C03E13FF90387FFFFC011F13F00103 138030257DA435>I121 D E %EndDVIPSBitmapFont %DVIPSBitmapFont: Fc ecbx1200 12 18 /Fc 18 117 df46 D49 DI80 D82 D85 D<903801FFE0011F13FE017F6D7E48B612E03A03FE007FF84848EB1FFC6D6D7E486C6D7E A26F7FA36F7F6C5A6C5AEA00F090C7FCA40203B5FC91B6FC1307013F13F19038FFFC0100 0313E0481380381FFE00485A5B127F5B12FF5BA35DA26D5B6C6C5B4B13F0D83FFE013EEB FFC03A1FFF80FC7F0007EBFFF86CECE01FC66CEB8007D90FFCC9FC322F7DAD36>97 DI100 DI<137C48B4FC4813804813C0A24813E0A56C13C0A26C13806C1300 EA007C90C7FCAAEB7FC0EA7FFFA512037EB3AFB6FCA518467CC520>105 D108 D<90277F8007FEEC0FFC B590263FFFC090387FFF8092B5D8F001B512E002816E4880913D87F01FFC0FE03FF8913D 8FC00FFE1F801FFC0003D99F009026FF3E007F6C019E6D013C130F02BC5D02F86D496D7E A24A5D4A5DA34A5DB3A7B60081B60003B512FEA5572D7CAC5E>I<90397F8007FEB59038 3FFF8092B512E0028114F8913987F03FFC91388F801F000390399F000FFE6C139E14BC02 F86D7E5CA25CA35CB3A7B60083B512FEA5372D7CAC3E>II<90387F807FB53881FFE0028313F0028F13F8ED8FFC9138 9F1FFE000313BE6C13BC14F8A214F0ED0FFC9138E007F8ED01E092C7FCA35CB3A5B612E0 A5272D7DAC2E>114 D<90391FFC038090B51287000314FF120F381FF003383FC0004913 3F48C7121F127E00FE140FA215077EA27F01E090C7FC13FE387FFFF014FF6C14C015F06C 14FC6C800003806C15806C7E010F14C0EB003F020313E0140000F0143FA26C141F150FA2 7EA26C15C06C141FA26DEB3F8001E0EB7F009038F803FE90B55A00FC5CD8F03F13E026E0 07FEC7FC232F7CAD2C>II E %EndDVIPSBitmapFont %DVIPSBitmapFont: Fd cmsy10 10 1 /Fd 1 16 df15 D E %EndDVIPSBitmapFont %DVIPSBitmapFont: Fe ecrm1000 10 67 /Fe 67 123 df<486C1360000314E039070001C0000EEB038048EB070000181306003813 0E0030130C0070131C00601318A200E01338481330A400CEEB338039FF803FE001C013F0 A3007F131FA2393F800FE0390E0003801C1981B91C>16 D<001C1307007FEB1FC039FF80 3FE0A201C013F0A3007F131F001CEB073000001300A400011470491360A2000314E090C7 12C048130100061480000E130348EB070048130E485B006013181C1980B91C>I21 D27 DI<146014E0EB01C0EB0380EB0700130E131E5B5BA25B485AA2485A A212075B120F90C7FCA25A121EA2123EA35AA65AB2127CA67EA3121EA2121F7EA27F1207 7F1203A26C7EA26C7E1378A27F7F130E7FEB0380EB01C0EB00E01460135278BD20>40 D<12C07E12707E7E7E120F6C7E6C7EA26C7E6C7EA21378A2137C133C133E131EA2131F7F A21480A3EB07C0A6EB03E0B2EB07C0A6EB0F80A31400A25B131EA2133E133C137C1378A2 5BA2485A485AA2485A48C7FC120E5A5A5A5A5A13527CBD20>II<121C127FEAFF80A213C0A3127F 121C1200A412011380A2120313005A1206120E5A5A5A12600A19798817>44 DI<121C127FEAFF80A5EA7F00121C0909798817>I<1506A2150E 150CA2151C151815381530A215701560A215E015C0A214011580A2140315005C1406A214 0E140CA2141C1418A214381430A21470146014E05CA213015CA2130391C7FCA25B1306A2 130E130C131C1318A213381330A213701360A213E05BA212015B120390C8FCA25A1206A2 120E120CA2121C1218A21238123012701260A212E05AA21F537BBD2A>IIIII<1538A2157815F8A2140114031407A2140F141F 141B14331473146314C313011483EB030313071306130C131C131813301370136013C012 01EA038013005A120E120C5A123812305A12E0B712F8A3C73803F800AA4A7E0103B512F8 A325387EB72A>I<0006140CD80780133C9038F003F890B5FC5D5D158092C7FC14FC3806 7FE090C9FCAAEB07F8EB1FFE9038780F809038E007E03907C003F0496C7E130000066D7E 81C8FC8181A21680A4121C127F5A7FA390C713005D12FC00605C12704A5A6C5C6C130300 1E495A6C6C485A3907E03F800001B5C7FC38007FFCEB1FE021397CB62A>I<121C127FEA FF80A5EA7F00121CC7FCB2121C127FEAFF80A5EA7F00121C092479A317>58 D<1538A3157CA315FEA34A7EA34A6C7EA202077FEC063FA2020E7FEC0C1FA2021C7FEC18 0FA202387FEC3007A202707FEC6003A202C07F1501A2D901807F81A249C77F1 2000 67FA20106 810107B6FCA24981010CC7121FA2496E7EA3496E7EA3496E7EA213E0707E1201486C81D8 0FFC02071380B56C90B512FEA3373C7DBB3E>65 DI<913A01FF8001 80020FEBE003027F13F8903A01FF807E07903A03FC000F0FD90FF0EB039F4948EB01DFD9 3F80EB00FF49C8127F01FE153F12014848151F4848150FA248481507A2485A1703123F5B 007F1601A35B00FF93C7FCAD127F6DED0180A3123F7F001F160318006C7E5F6C7E17066C 6C150E6C6C5D00001618017F15386D6C5CD91FE05C6D6CEB03C0D903FCEB0F80902701FF 803FC7FC9039007FFFFC020F13F002011380313D7BBA3C>IIIIIII75 D78 DIIIII<003FB812E0A3D9C003EB001F273E0001FE130348EE01F000781600 00701770A300601730A400E01738481718A4C71600B3B0913807FF80011FB612E0A33539 7DB83C>II87 D91 D93 D<007FB81280B912C0A26C178032 04797041>95 D97 DIIII<147E903803FF8090380F C1E0EB1F8790383F0FF0137EA213FCA23901F803C091C7FCADB512FCA3D801F8C7FCB3AB 487E387FFFF8A31C3B7FBA19>III< EA0380EA0FE0487EA56C5AEA0380C8FCAAEA03F012FFA312071203B3AA487EB512C0A312 387EB717>IIII<2703F00FF0EB1FE000FFD93FFCEB7FF8 913AF03F01E07E903BF1C01F83803F3D0FF3800FC7001F802603F70013CE01FE14DC49D9 07F8EB0FC0A2495CA3495CB3A3486C496CEB1FE0B500C1B50083B5FCA340257EA445>I< 3903F00FF000FFEB3FFCECF03F9039F1C01F803A0FF3800FC03803F70013FE496D7EA25B A35BB3A3486C497EB500C1B51280A329257EA42E>II<3903F01FE000 FFEB7FF89038F1E07E9039F3801F803A07F7000FC0D803FEEB07E049EB03F04914F84913 0116FC150016FEA3167FAA16FEA3ED01FCA26DEB03F816F06D13076DEB0FE001F614C090 39F7803F009038F1E07E9038F0FFF8EC1FC091C8FCAB487EB512C0A328357EA42E>I I<3807E01F00FFEB7FC09038E1E3E09038E387F0380FE707EA03E613EE9038EC03E09038 FC0080491300A45BB3A2487EB512F0A31C257EA421>II<1318A51338A31378A313F8120112031207 001FB5FCB6FCA2D801F8C7FCB215C0A93800FC011580EB7C03017E13006D5AEB0FFEEB01 F81A347FB220>IIIIII<003FB512FCA2EB8003D83E0013F8003CEB07F00038EB0F E012300070EB1FC0EC3F800060137F150014FE495AA2C6485A495AA2495A495A495AA290 387F000613FEA2485A485A0007140E5B4848130C4848131CA24848133C48C7127C48EB03 FC90B5FCA21F247EA325>I E %EndDVIPSBitmapFont %DVIPSBitmapFont: Ff ecbx1440 14.4 36 /Ff 36 122 df28 D46 D<151E153E15FE1403140F147FEB07FF0003B5FCB6FCA3EBF87FEAFC 00C7FCB3B3B3A6007FB712FCA52E4E76CD42>49 DI<913807FFC0027F13FC0103B67E010F15E090261FF80313F890267FC0007F01FEC7EA 3FFE48488148486E138013FE486C6C6D13C0804817E080A66C5B18C06C5B6C90C75AD800 38168090C8FC4C1300A24C5A5F4C5A4B5B4B13C0030F5BDB7FFEC7FC91387FFFF816C016 FCEEFF80DA000313E09238007FF8EE3FFE707E70138018C07013E018F07013F8A218FC82 A218FEA3EA03C0EA0FF0EA3FFC487EA2B5FCA218FCA25E18F8A26C4816F0495C4916E0D8 3FE04A13C06C485CD80FF04A1380D807FE91387FFE003B03FFE003FFFC6C90B65A6C6C15 E0010F92C7FC010114FCD9001F1380374F7BCD42>I<17FC1601A216031607160FA2161F 163F167FA216FF5D5DA25D5D5D167F153E157E15FC15F8EC01F01403EC07E015C0EC0F80 141FEC3F00143E5C14FC495A5C495A1307495A5C49C7FC5B137E137C5B1201485A5B485A 120F485A90C8FC123E127E5ABA1280A5C901FCC7FCAF021FB71280A5394F7CCE42>I<48 6C150601F0153E01FEEC01FED9FFF0133F91B65A5F5F5F5F5F94C7FC16FC5E16E093C8FC 15FC01F0138091CAFCAC913807FF80023F13F891B512FE01F36E7E9026FFFC0113E09139 E0007FF891C76C7E496E7E01F86E7E5B7013804916C0C9FC18E08218F0A418F8A31203EA 0FE0EA3FF8487EA212FF7FA218F0A25B5E6C4816E05B01C016C06CC85A18806C6C4A1300 7FD80FF04A5A6C6CECFFFCD803FE4913F02701FFE00F5B6C6CB612806D92C7FC010F14F8 010114C09026003FFCC8FC354F7ACD42>II<173FA24D7EA34D7EA2 4C7FA34C7FA24C7FA34C7FA24C7FA34C7F163E83047E80EE7C3F04FC8016F8830301814C 7E03038116E0830307814C7E030F81168083031F811600834B81033E80037E82157C8403 FC824B800201835D840203834B800207835D92B8FC4A83A34A8392C9FC4A83143E85027E 84027C8202FC845C850101854A820103855C850107854A82A2494884D93FF082B600F002 0FB712C0A55A547CD363>65 D68 D70 D73 D76 DI82 DI<003FBB12FCA59126C0007FEB000301FCC7ED003FD87FF0F00FFE491807 49180349180190C81600A2007E1A7EA3007C1A3EA500FC1A3F481A1FA6C91700B3B3AC49 B912C0A550517BD05B>I97 DI<913803FFE0023F13FE91B67E010315E0010F9038003FF8D93FFCEB07FC4948 497E4948131F4849497E485B485BA24890C7FC5A5B003F6F5A705A705A007F92C8FC5BA3 12FFAD127F7FA3123F7F6CEE0F80A26C6D141F18006C6D5C6C6D143E6C6D147E6C6D5C6D 6C495A6DB4EB07F0010F9038C01FE06D90B5128001014AC7FCD9003F13F8020313803138 7CB63A>I<943803FF80040FB5FCA5EE003F170FB3A4913803FF80023F13F849B512FE01 07ECFF8F011F9038C03FEF90273FFE0007B5FCD97FF8130149487F484980484980484980 488291C8FC5A5B123FA2127F5BA312FFAD127FA37F123FA3121F7F6C5E6C6D5C5F6C6D91 B5FC6C6D5B6C6D4914E0D97FFCD90FEFEBFF80D91FFFEB7F8F010790B5120F010114FC6D 6C13E00207010049C7FC41547CD249>I<913807FF80027F13F849B512FE01076E7E011F 010313E0903A3FFC007FF0D97FF06D7E49486D7E4849130F48496D7E48824890C77E1880 485A82003F17C0A3485A18E082A212FFA290B8FCA401FCCAFCA6127FA37F123FA2EF03E0 6C7E17076C17C06C6D140F18806C6D141F6C6DEC3F006C6D147ED97FFC495AD91FFFEB07 F86D9038E03FF0010390B512C001005D023F01FCC7FC020113E033387CB63C>IIII<133FEBFFC0487F487FA2 487FA66C5BA26C5B6C5B013FC7FC90C8FCAEEB1FF8B5FCA512017EB3B3A6B612F0A51C54 7CD324>I108 DII<913801FFC0023F13FE91B67E010315E001 0F018013F8903A3FFC001FFED97FF0EB07FF49486D7F48496D7F48496D7F91C8127F4883 488349153F001F83A2003F8349151FA2007F83A400FF1880AC007F1800A3003F5F6D153F A2001F5FA26C6C4B5AA26C6D4A5A6C5F6C6D495B6C6D495B6D6C4990C7FCD93FFCEB1FFE 6DB46CB45A010790B512F0010115C0D9003F49C8FC020313E039387CB642>II<90393FF001FCB590 380FFF804B13E0037F13F09238FE1FF89138F1F83F00019138F07FFC6CEBF3E015C0ECF7 80A2ECFF00EE3FF84AEB1FF0EE0FE093C7FC5CA45CB3ABB612FEA52E367DB535>114 D<903903FFC00E011FEBFC1E90B6127E000315FE3907FE003FD80FF0130F484813034848 1301491300127F90C8127EA248153EA27FA27F01F091C7FC13FCEBFF806C13FEECFFF06C 14FE6F7E6C15E06C816C15FC6C81C681133F010F15801301D9000F14C0EC003F030713E0 150100F880167F6C153FA2161F7EA217C07E6D143F17807F6DEC7F0001F85C6DEB03FE90 39FF801FFC486CB512F0D8F81F14C0D8F00791C7FC39E0007FF02B387CB634>I<147CA6 14FCA41301A31303A21307A2130F131F133F137F13FF1203000F90B512FEB7FCA426007F FCC8FCB3A9EE0F80ABEE1F006D7EA2011F143E806D6D5A6DEBC1F86DEBFFF001005C023F 1380DA03FEC7FC294D7ECB33>II121 D E %EndDVIPSBitmapFont %DVIPSBitmapFont: Fg ecrm1200 12 30 /Fg 30 123 df<121EEA7F8012FF13C0A213E0A3127FEA1E601200A413E013C0A3120113 80120313005A1206120E5A5A5A12600B1D78891B>44 D<121EEA7F80A2EAFFC0A4EA7F80 A2EA1E000A0A78891B>46 D<14FF010713E090381F81F890383E007C01FC133F4848EB1F 8049130F4848EB07C04848EB03E0A2000F15F0491301001F15F8A2003F15FCA390C8FC48 15FEA54815FFB3A46C15FEA56D1301003F15FCA3001F15F8A26C6CEB03F0A36C6CEB07E0 000315C06D130F6C6CEB1F806C6CEB3F00013E137C90381F81F8903807FFE0010090C7FC 28447CC131>48 D<143014F013011303131F13FFB5FC13E713071200B3B3B0497E497E00 7FB6FCA3204278C131>II 52 D<000615C0D807C0130701FCEB7F8090B612005D5D5D15E0158026063FFCC7FC90C9 FCAE14FF010713C090381F01F090383800FC01F0137ED807C07F49EB1F8016C090C7120F 000615E0C8EA07F0A316F81503A216FCA5123E127F487EA416F890C712075A006015F0A2 0070140F003015E00038EC1FC07E001EEC3F806CEC7F006C6C13FE6C6C485A3901F807F0 39007FFFE0011F90C7FCEB07F826447BC131>I<121EEA7F80A2EAFFC0A4EA7F80A2EA1E 00C7FCB3A5121EEA7F8012FF13C0A213E0A3127FEA1E601200A413E013C0A31201138012 0313005A1206120E5A5A5A12600B3E78AA1B>59 D<1960F001E0F00780F03E0018F8EF03 C0050FC7FC173CEE01F0EE07C0041EC8FC1678ED01E0ED0F80033EC9FC15F0EC03C0020F CAFC147CEB01F0EB0780011ECBFC1378EA03E0EA0F80003CCCFC12F0A2123CEA0F80EA03 E0EA0078131EEB0780EB01F0EB007C140FEC03C0EC00F0153EED0F80ED01E0ED0078161E EE07C0EE01F0EE003C170FEF03C0EF00F8183EF00780F001E0F000603B3678B34C>I<12 C012F0123CEA0F80EA03E0EA0078131EEB0780EB01F0EB007C140FEC03C0EC00F0153EED 0F80ED01E0ED0078161EEE07C0EE01F0EE003C170FEF03C0EF00F8183EF00780F001E0A2 F00780F03E0018F8EF03C0050FC7FC173CEE01F0EE07C0041EC8FC1678ED01E0ED0F8003 3EC9FC15F0EC03C0020FCAFC147CEB01F0EB0780011ECBFC1378EA03E0EA0F80003CCCFC 12F012C03B3678B34C>62 D64 D71 D<010FB512FEA3D9000313806E130080B3B3AB123F487E487EA44A5A13801300006C495A 00705C6C13076C5C6C495A6CEB1F802603E07FC7FC3800FFFCEB1FE027467BC332>74 D86 D97 D 99 D101 D103 DII<143C14 FFA2491380A46D1300A2143C91C7FCADEC7F80EB3FFFA31300147F143FB3B3AA123E127F 39FF807F00A2147EA25C6C485A383C01F06C485A3807FF80D801FEC7FC195785C21E>I< D801FC01FFEC1FE000FF010701E0EBFFFC913B0F03F801E07F913C3C01FC07803F800007 903C7000FE0E001FC0000349D97E1C130F2601FDC0D97F38804A143001FFDA3FF06D7E91 C75BA2495DA3495DB3A8486C4A6C497EB5D8F81FB50003B512E0A34B2C7DAB52>109 D<3901FC01FE00FF903807FFC091381E07F091383801F8000701707F0003EBE0002601FD C07F5C01FF147F91C7FCA25BA35BB3A8486CECFF80B5D8F83F13FEA32F2C7DAB36>II<3901FC03FC00FF90380FFF8091383C07E091 387001F83A07FDE000FE00010180137F01FFEC3F8091C7EA1FC04915E049140F17F01607 17F8160317FCA3EE01FEABEE03FCA3EE07F8A217F0160F6D15E0EE1FC06D143F17806EEB 7E00D9FDC05B9039FCF003F891383C0FE091381FFF80DA03FCC7FC91C9FCAE487EB512F8 A32F3F7DAB36>I<3903F803F000FFEB1FFCEC3C3EEC707F0007EBE0FF3803F9C000015B 13FBEC007E153C01FF13005BA45BB3A748B4FCB512FEA3202C7DAB26>114 D<90383FE0183901FFFC383907E01F78390F0003F8001E1301481300007C1478127800F8 1438A21518A27EA27E6C6C13006C7E13FC383FFFE06C13FC6C13FF6C14C06C14E0C614F0 011F13F81300EC0FFC140300C0EB01FE1400157E7E153EA27EA36C143C6C147C15786C14 F86CEB01F039F38003E039F1F00F8039E07FFE0038C00FF01F2E7DAC26>I117 D121 D<003FB612E0A29038C0003F90C713C0003CEC7F800038ECFF00 A20030495A0070495AA24A5A0060495AA24A5A4A5AA2C7485A4AC7FC5B5C495A13075C49 5A131F4A1360495A495AA249C712C0485AA2485A485A1501485A48481303A24848EB0780 4848131F00FF14FF90B6FCA2232B7DAA2B>I E %EndDVIPSBitmapFont %DVIPSBitmapFont: Fh ecrm1728 17.28 21 /Fh 21 120 df28 D<120FEA3FC0EA7FE0EAFFF0A6EA7FE0EA3FC0EA 0F00C7FCB3B3A2120FEA3FC0EA7FE0EAFFF0A6EA7FE0EA3FC0EA0F000C3E74BD25>58 D73 D80 D86 D97 D<4AB47E020F13F8023F 13FE9139FF007F80D903FCEB07E0D907F0EB01F0D91FE0EB007849488049488049C87E48 485D4915FF00034B138048485CA2485AA2485AA2003F6F130049EC007C94C7FC127FA35B 12FFAD127F7FA4123F7FA2001FEE01C07F000F16036D168012076C6C15076D160000015E 6C6C151E6D6C5C6D6C5C6D6C5CD90FF8495AD903FCEB07C0903A00FF803F8091263FFFFE C7FC020F13F80201138032417BBF3C>99 D<181EEF3FFEEE07FFA4EE000F1703A21701B3 AAEDFF80020F13F8023F13FE9139FF803F81903A03FC0007C14948EB01E1D91FE0EB00F9 4948147D4948143D49C8121F4848150F491507120348481503491501120F121F5BA2123F 5B127FA45B12FFAD127F7FA3123FA27F121FA26C6C1503A26C6C150712036D150F6C6C15 1F0000163D137F6D6CECF9FF6D6CEB01F1D90FF0D903C113C06D6CD90F81EBFF80D901FF EB7F019039007FFFFC021F13E00201010091C7FC41657BE34B>II<187FDA07FC903803FFC091273FFF 800F13E091B539E01F83F0903B03FC07F87C07903A07F001FCF0903A0FC0007FC04948EB 3F80013FEE03E049C76C6CC7FC01FE6E7EA248486E7EA2000382A2491403000782AA0003 5E6D1407A200015EA26C6C4A5AA2017F4A5A6D6C495A011F92C8FC496C137E903937F001 FC903973FC07F80160B512E0D9E03F1380DA07FCC9FC4848CBFCA57FA37F7F7F6CB4FC91 B512FC6DECFFE017FC6D15FF6D16C06D16F0013F8201FEC700037FD803F89138001FFED8 07E015074848ED01FF484881003FEF7F8090CA123F127EF01FC012FE48170FA66C171F00 7E1880A2007F173F6C6CEE7F00001F177E6C6C5E6D1501D803F8ED07F06C6C4B5A6CB4ED 3FC0D93FE049B4C7FCD90FFEEB1FFC0103B612F0D9007F1480020301F0C8FC3C5E7CBF43 >103 DI<1378EA 01FE487E487FA66C90C7FC6C5AEA007890C8FCB3A2EB0780EA0FFFB5FCA41203C6FCA213 7FB3B3AC497E487FB61280A4195F7BDE25>I107 DIII< 4AB47E020F13F0027F13FE4AC67ED903F8EB1FC0D907E0EB07E0D91FC0EB03F849486D7E 49C87E01FE157F49814848ED1F80000317C04848ED0FE0A24848ED07F0A2001F17F84915 03003F17FCA3007F17FE491501A400FF17FFAC007F17FEA26D1503A3003F17FCA2001F17 F86D1507A2000F17F06D150F000717E06C6CED1FC0A26C6CED3F806C6CED7F00017F15FE 6D6C495A6D6C495A6D6C495AD903F8EB1FC06DB4EBFF806D6CB448C7FC020F13F0020113 8038417BBF43>II<010FEB07F8D80FFFEB1FFEB590387FFF809238F81FC0913801E03F913903C0 7FE00003EB0780C6EB0F00140E6D5A0218EB3FC00238EB1F800230EB0600027090C7FCA2 146014E0A25CA55CB3B0497E4813F0B612F8A42B3F7BBE34>114 D<1470A714F0A51301A31303A21307A2130FA2131F133F137F13FF1203000F90B6FCB8FC A326000FF0C8FCB3AEEE01C0AE6D6CEB0380A316076D6C14005E6D6C130E6D6C131E6E6C 5A91383FE0F86EB45A020713C0020090C7FC2A597ED734>116 D119 D E %EndDVIPSBitmapFont end %%EndProlog %%BeginSetup %%Feature: *Resolution 600dpi TeXDict begin %%BeginPaperSize: Letter letter %%EndPaperSize %%EndSetup %%Page: 1 1 1 0 bop 520 872 a Fh(P)l(ac)l(k)-7 b(age)45 b(V)-11 b(eri\034cation)47 b(with)f(dpkg:)61 b(Implemen)l(tation)1082 1112 y Fg(John)32 b(Go)s(erzen)h()1380 1307 y(V)g(ersion)32 b(5;)g(Jan)m(uary)i(4,)e(2001)515 1620 y Ff(1)131 b(In)l(tro)t(duction)515 1801 y Fe(As)34 b(part)f(of)h(a)f(con)n(tin)n(uing)g(e\033ort)g(to)h(impro)n(v)n(e)e (the)i(securit)n(y)f(of)h(users)f(of)g(Debian)h(and)515 1901 y(Debian-based)29 b(systems,)h(one)f(step)h(that)g(is)g(imp)r (ortan)n(t)f(to)h(tak)n(e)f(is)h(to)f(allo)n(w)g(the)h(users)515 2001 y(to)23 b(v)n(erify)f(for)g(themselv)n(es)h(that)g(.deb)g(pac)n(k) -5 b(ages)21 b(that)j(they)f(ha)n(v)n(e)f(are)g(from)g(an)h(authen)n (tic)515 2100 y(source.)41 b(This)30 b(mec)n(hanism)f(is)g(in)n(tended) h(to)f(prev)n(en)n(t)g(v)-5 b(arious)28 b(t)n(yp)r(es)h(of)h(attac)n (ks.)41 b(Some)515 2200 y(are:)639 2344 y Fd(\017)g Fe(Prev)n(en)n (ting)30 b(p)r(eople)h(from)g(setting)g(up)g(a)f(fak)n(e)h(Debian)g (arc)n(hiv)n(e,)f(con)n(taining)f(p)r(o-)722 2444 y(ten)n(tially)j(tro) 5 b(janed)32 b(pac)n(k)-5 b(ages,)31 b(and)h(masquerading)f(as)g(a)h (real)f(Debian)i(arc)n(hiv)n(e.)722 2543 y(This)38 b(attac)n(k)f(can)h (b)r(e)g(th)n(w)n(arted)g(b)n(y)f(c)n(hec)n(king)g(an)h(origin)f (signature,)i(c)n(hec)n(king)722 2643 y(arc)n(hiv)n(e)26 b(signatures,)g(or)h(c)n(hec)n(king)f(main)n(tainer)h(signatures.)639 2794 y Fd(\017)41 b Fe(Prev)n(en)n(ting)31 b(altered)g(.deb)h(pac)n(k) -5 b(ages)30 b(from)h(b)r(eing)h(installed)g(undetected.)50 b(Since)722 2893 y(all)34 b(signatures)e(are)g(applied)i(to)f(the)h (con)n(ten)n(ts,)g(an)n(y)f(signature)f(that)i(is)f(c)n(hec)n(k)n(ed) 722 2993 y(will)28 b(protect)f(against)g(this)g(attac)n(k.)639 3143 y Fd(\017)41 b Fe(Prev)n(en)n(ting)33 b(p)r(eople)g(from)g (separating)f(or)g(inserting)h(forged)f(data)h(or)g(metadata)722 3243 y(in)n(to)25 b(a)f(pac)n(k)-5 b(age.)35 b(Because)24 b(all)g(signatures)g(are)g(applied)g(to)h(b)r(oth)g(the)h(con)n(trol)d (and)722 3343 y(the)36 b(data)e(c)n(h)n(unks)g(together,)i(separating)d (them)i(will)g(not)g(b)r(e)g(p)r(ossible)g(without)722 3442 y(causing)27 b(a)g(signature)f(failure.)639 3593 y Fd(\017)41 b Fe(Helping)22 b(to)f(prev)n(en)n(t)g(old)g(pac)n(k)-5 b(ages)20 b(from)h(b)r(eing)h(presen)n(ted)e(as)h(new.)35 b(By)21 b(c)n(hec)n(king)722 3693 y(the)30 b(signature)e(date,)i(p)r (olicy)g(\034les)f(can)g(b)r(e)h(set)g(to)f(reject)g(pac)n(k)-5 b(ages)28 b(that)i(con)n(tain)722 3792 y(old)39 b(signatures.)68 b(Sites)39 b(migh)n(t)g(re-sign)e(their)i(pac)n(k)-5 b(ages)36 b(p)r(erio)r(dically)i(with)h(an)722 3892 y(\020arc)n(hiv)n (e\021)k(or)38 b(a)g(\020timeliness\021)45 b(signature)38 b(that)h(could)f(b)r(e)h(used)g(sp)r(eci\034cally)f(for)722 3991 y(this)28 b(purp)r(ose.)639 4142 y Fd(\017)41 b Fe(Allo)n(wing)27 b(v)n(eri\034cation)g(to)h(ensure)f(that)h(a)f(giv)n (en)g(pac)n(k)-5 b(age)27 b(w)n(as)f(part)i(of)g(a)f(partic-)722 4242 y(ular)32 b(arc)n(hiv)n(e)f(site,)j(distribution,)f(made)g(b)n(y)f (a)g(particular)f(dev)n(elop)r(er,)i(etc.)52 b(Sig-)722 4341 y(natures)28 b(could)g(b)r(e)h(applied)f(for)g(v)-5 b(arious)27 b(stages)h(of)g(dev)n(elopmen)n(t)g(\025)g(appro)n(v)-5 b(al)26 b(b)n(y)722 4441 y(QA)39 b(managers,)h(release)d(managers,)j (etc.)70 b(The)39 b(m)n(ultiple)h(signature)d(p)r(er)i(.deb)722 4541 y(arc)n(hitecture)27 b(outlined)g(in)h(this)g(prop)r(osal)e(allo)n (ws)g(this.)639 4691 y Fd(\017)41 b Fe(Allo)n(wing)21 b(v)n(eri\034cation)f(of)i(an)f(isolated)g(.deb,)i(ev)n(en)e(in)h(the)g (absence)f(of)h(an)f(In)n(ternet)722 4791 y(connection)26 b(or)f(access)g(to)h(an)g(arc)n(hiv)n(e.)34 b(By)26 b(including)g(the)h (signatures)e(inside)h(the)722 4890 y(.deb)34 b(itself,)i(it)e(is)f (not)h(necessary)e(to)h(do)n(wnload)g(signed)g(index)h(\034les)f(to)h (v)n(erify)e(a)722 4990 y(signature.)1926 5255 y(1)p eop %%Page: 2 2 2 1 bop 515 523 a Fc(1.1)112 b(Unaddressed)39 b(Problems)515 676 y Fe(The)33 b(approac)n(h)e(set)j(forth)f(in)g(this)h(do)r(cumen)n (t)f(lea)n(v)n(es)f(one)h(hole)g(that)g(m)n(ust)h(b)r(e)f(solv)n(ed)515 776 y(b)n(y)27 b(other)h(means.)37 b(That)27 b(problem)h(is)g(the)g (task)f(of)h(insuring)f(the)h(in)n(tegrit)n(y)f(of)h(the)g(k)n(eys,)515 876 y(p)r(olicy)33 b(\034les,)j(and)d(programs)f(themselv)n(es)h(used)h (to)f(carry)f(out)i(the)g(v)n(eri\034cation.)54 b(One)515 975 y(p)r(oten)n(tial)29 b(solution)h(is)f(to)h(mo)r(dify)g(apt-get)g (to)f(supp)r(ort)h(h)n(ttps)g(and)g(use)f(trusted)h(third-)515 1075 y(part)n(y)c(\(e.g.,)i(Tha)n(wte\))f(to)h(shore)e(up)i(this)g (problem.)639 1174 y(The)e(mec)n(hanism)e(used)h(to)g(ensure)g(old)g (pac)n(k)-5 b(ages)23 b(are)i(not)g(presen)n(ted)f(as)h(new)g(migh)n(t) 515 1274 y(b)r(e)i(resource-in)n(tensiv)n(e)e(on)i(the)g(serv)n(er)f (in)h(some)g(situations.)36 b(One)27 b(p)r(oten)n(tial)g(a)n(v)n(en)n (ue)f(to)515 1374 y(explore)g(there)i(migh)n(t)f(b)r(e)h(to)f(pro)n (vide)g(signed)g(P)n(ac)n(k)-5 b(ages)26 b(\034les)h(on)g(the)h(serv)n (er.)515 1606 y Fc(1.2)112 b(Rationale)515 1759 y Fe(Some)23 b(though)n(t)g(has)g(gone)f(in)n(to)h(the)h(design)f(of)h(this)f (particular)f(solution.)35 b(F)-7 b(or)23 b(b)r(ene\034t)h(of)515 1859 y(future)i(discussions,)e(here)h(is)h(some)e(information)h(on)g (ho)n(w)g(this)h(mec)n(hanism)f(w)n(as)f(c)n(hosen)515 1959 y(and)j(reasons)f(for)h(it.)37 b(Here)27 b(are)g(the)h(main)f (alternativ)n(es)f(that)i(ha)n(v)n(e)f(b)r(een)g(considered:)515 2141 y Fb(GPG)42 b Fe(T)-7 b(o)30 b(implemen)n(t)g(this,)i(additional)d (supp)r(ort)h(w)n(ould)g(b)r(e)h(required)e(from)h(dinstall,)722 2241 y(apt,)37 b(genc)n(hanges,)e(and)g(v)-5 b(arious)34 b(other)h(utilities.)60 b(The)35 b(additional)g(complexit)n(y)722 2340 y(of)c(doing)g(so)g(and)g(the)g(p)r(ossibilit)n(y)g(of)g (separating)f(the)h(signature)f(from)h(the)h(.deb)722 2440 y(mak)n(es)27 b(this)h(approac)n(h)d(undesirable.)515 2606 y Fb(GPG)42 b Fe(format.)58 b(Ho)n(w)n(ev)n(er,)35 b(this)g(w)n(ould)f(c)n(hange)g(the)h(basic)g(format)f(of)h(the)g(.deb) g(and)722 2706 y(render)27 b(it)g(un)n(usable)g(without)g(a)g(curren)n (t)g(dpkg)f(and)h(GPG)h(installed)g(on)e(the)i(sys-)722 2805 y(tem.)61 b(Since)35 b(it)h(breaks)e(bac)n(kw)n(ard)f (compatibilit)n(y)i(in)g(suc)n(h)g(a)g(sev)n(ere)f(w)n(a)n(y)-7 b(,)36 b(this)722 2905 y(approac)n(h)26 b(is)h(also)g(undesirable.)515 3071 y Fb(Sig-p)s(er-c)m(h)m(unk)41 b Fe(A)g(sig-p)r(er-c)n(h)n(unk)d (system)j(w)n(ould)e(place)h(separate)f(sigs)h(in)g(the)h(ar)722 3171 y(\034le)30 b(for)f(the)i(data)e(and)g(the)i(con)n(trol)d(c)n(h)n (unks.)43 b(Unfortunately)-7 b(,)30 b(this)g(w)n(ould)f(allo)n(w)722 3270 y(someone)c(to)h(mix)g(and)f(matc)n(h)h(data)f(and)h(con)n(trol)e (data)h(in)h(making)f(tro)5 b(jan)25 b(.debs,)722 3370 y(whic)n(h)j(can)f(also)f(b)r(e)i(a)g(securit)n(y)e(threat.)515 3536 y Fb(Sig-p)s(er-rep)s(ository)39 b Fe(A)f(sig-p)r(er-rep)r (ository)c(system)k(w)n(ould)f(place)g(an)h(md5sum)f(of)722 3636 y(a)d(.deb)h(in)n(to)f(the)g(P)n(ac)n(k)-5 b(ages)33 b(\034les)h(and)g(sign)g(those.)57 b(Ho)n(w)n(ev)n(er,)34 b(this)g(omits)g(\034ne-)722 3735 y(grained)25 b(con)n(trol)f(and)h (prev)n(en)n(ts)g(v)n(eri\034cation)f(of)i(a)f(.deb)h(in)g(absence)f (of)g(the)h(P)n(ac)n(k-)722 3835 y(ages)e(\034le)i(from)e(the)i(In)n (ternet.)36 b(It)26 b(also)e(requires)g(solutions)g(to)h(problems)f(of) i(deter-)722 3934 y(mining)i(whic)n(h)f(arc)n(hiv)n(e)f(a)h(pac)n(k)-5 b(age)26 b(came)h(from.)515 4117 y(The)40 b(p)r(olicy)f(\034les)h (\(see)g(section)f Fb(??)p Fe(\))h(are)f(designed)g(to)h(b)r(e)g (simple,)j(straigh)n(tforw)n(ard,)515 4217 y(and)30 b(easy)f(to)h(b)r (oth)h(write)f(and)g(parse.)44 b(By)30 b(k)n(eeping)g(them)g(as)g (simple)g(as)g(p)r(ossible,)h(the)515 4316 y(p)r(oten)n(tial)23 b(for)g(b)r(oth)h(h)n(uman)g(authoring)e(errors)g(and)h(parsing)f (errors)g(in)i(soft)n(w)n(are)d(can)j(b)r(e)515 4416 2000 y(minimized.)515 4690 y Ff(2)131 b(Mo)t(di\034cations)44 b(to)g(.deb)515 4872 y Fe(Curren)n(tly)-7 b(,)19 b(a)f(.deb)h(consists) e(of)h(an)h(ar)e(arc)n(hiv)n(e)g(con)n(taining)g(con)n(trol.tar.gz)f (and)i(a)g(data.tar.gz)515 4972 y(\034les.)34 b(These)19 b(\034les)g(represen)n(t)f(pac)n(k)-5 b(age)18 b(meta-data)g(and)h(pac) n(k)-5 b(age)18 b(con)n(ten)n(ts,)i(resp)r(ectiv)n(ely)-7 b(.)1926 5255 y(2)p eop %%Page: 3 3 3 2 bop 515 523 a Fe(Eac)n(h)35 b(signature)f(will)h(b)r(e)g(applied)g (to)g(the)h(con)n(trol.tar.gz)c(and)j(data.tar.gz)f(\034les)h(con-)515 623 y(catenated)29 b(together)g(in)h(that)g(order.)42 b(The)29 b(\034les)h(should)f(not)h(b)r(e)g(decompressed)e(b)r(efore) 515 722 y(applying)f(the)h(signature.)639 822 y(Eac)n(h)h(signature)f (\034le)h(will)h(b)r(e)f(stored)f(in)i(the)f(ar)f(arc)n(hiv)n(e)f(and)i (ha)n(v)n(e)f(a)h(name)g(of)g(this)515 922 y(form:)639 1021 y(_gpg)p Fa(typ)l(e)639 1121 y Fe(Therefore,)19 b(an)g(origin)e(signature)g(w)n(ould)h(b)r(e)h(named)g(_gpgorigin.)31 b(The)19 b(\020t)n(yp)r(e\021)25 b(string)515 1220 y(m)n(ust)i(not)h (exceed)f(10)g(c)n(haracters)e(in)j(length)f(nor)g(b)r(e)h(less)f(than) h(1)f(c)n(haracter.)639 1320 y(Therefore,)44 b(an)e(origin)f(signature) f(in)i(Gn)n(uPG)h(format)e(w)n(ould)h(b)r(e)g(named)f(_sig-)515 1420 y(origin.gpg.)35 b(A)n(t)27 b(this)h(time,)g(all)g(signatures)e(m) n(ust)h(b)r(e)h(in)g(Gn)n(uPG)h(format.)515 1694 y Ff(3)131 b(Signatures)44 b(and)g(T)l(yp)t(es)515 1876 y Fe(Eac)n(h)32 b(.deb)g(\034le)h(that)g(is)f(signed)g(m)n(ust)g(ha)n(v)n(e)f(at)i (least)e(an)i(origin)e(signature.)50 b(This)32 b(sig-)515 1976 y(nature)e(should)h(b)r(e)g(unique)g(p)r(er)g(en)n(tit)n(y)-7 b(.)47 b(F)-7 b(or)30 b(instance,)i(Debian,)g(Helix,)g(and)e(Progen)n (y)515 2075 y(w)n(ould)h(eac)n(h)g(pro)n(vide)g(an)g(origin)g (signature.)48 b(The)32 b(origin)f(signature)g(is)g(used)h(as)f(a)h(k)n (ey)515 2175 y(in)n(to)c(the)i(p)r(olicy)f(database)e(suc)n(h)i(that)g (the)h(prop)r(er)e(p)r(olicy)g(description)h(can)f(b)r(e)i(loaded)515 2275 y(to)d(describ)r(e)g(the)h(\034le.)639 2374 y(Bey)n(ond)22 b(the)h(origin)f(signature,)h(the)g(signature)f(t)n(yp)r(es)h(that)g (are)f(presen)n(t)g(or)g(required)515 2474 y(are)30 b(de\034ned)h(b)n (y)f(the)i(site)f(p)r(olicy)-7 b(.)46 b(Examples)31 b(of)g(other)f (signatures)g(migh)n(t)h(b)r(e)g(a)f(main-)515 2573 y(tainer)21 b(signature)f(from)h(the)h(p)r(erson)f(that)h(built)g(the)g(pac)n(k)-5 b(age,)21 b(a)g(signature)g(from)g(qualit)n(y)515 2673 y(assurance)28 b(certifying)j(that)g(the)g(pac)n(k)-5 b(age)29 b(has)h(passed)g(QA)g(tests,)i(a)e(signature)f(from)h(a)515 2773 y(release)h(manager)g(certifying)h(that)i(a)e(pac)n(k)-5 b(age)31 b(w)n(as)h(part)g(of)h(a)f(giv)n(en)g(distribution)h(re-)515 2872 y(lease,)h(and)f(a)g(signature)f(from)h(an)g(arc)n(hiv)n(e)f(main) n(tainer)g(certifying)h(that)h(the)g(pac)n(k)-5 b(age)515 2972 y(w)n(en)n(t)27 b(in)n(to)g(an)h(arc)n(hiv)n(e.)515 3246 y Ff(4)131 b(A)44 b(Run)l(through)515 3428 y Fe(T)-7 b(o)25 b(mak)n(e)f(sure)h(the)h(en)n(tire)f(pro)r(cess)f(is)i(en)n (tirely)f(clear,)g(here)g(is)g(what)g(will)h(o)r(ccur)f(when)g(a)515 3528 y(pac)n(k)-5 b(age)26 b(is)h(pro)r(cessed:)616 3711 y(1.)41 b(The)27 b(Key)g(ID)g(of)g(the)h(origin)e(signature)f(will)j(b) r(e)f(obtained.)37 b(This)27 b(will)g(b)r(e)g(used)g(to)722 3810 y(determine)33 b(the)f(directory)g(in)g(whic)n(h)h(to)f(lo)r(ok)f (for)h(p)r(olicy)h(\034les)f(and)g(k)n(eyrings)f(as)722 3910 y(sp)r(eci\034ed)d(in)g(section)f(5.)616 4076 y(2.)41 b(The)29 b(c)n(hec)n(k)n(er)f(will)h(iterate)g(o)n(v)n(er)e(eac)n(h)h (p)r(olicy)h(\034le)g(in)h(that)f(directory)f(in)h(an)g(arbi-)722 4175 y(trary)e(order,)f(doing)h(the)h(follo)n(wing:)757 4358 y(\(a\))42 b(Compare)27 b(the)i(Origin:)38 b(line)28 b(in)h(the)g(p)r(olicy)f(\034le)h(\(see)g(section)f Fb(??)p Fe(\))h(with)g(the)905 4458 y(Key)g(ID)h(of)g(the)g(origin)e (signature.)42 b(If)30 b(there)f(is)h(a)f(di\033erence,)h(immediately) 905 4557 y(die)e(b)r(ecause)f(of)g(susp)r(ected)h(corrupted)f(p)r (olicy)g(\034les.)753 4690 y(\(b\))42 b(Ev)-5 b(aluate)31 b(the)g(selection)f(clauses,)g(if)h(an)n(y)-7 b(,)31 b(in)g(the)f(p)r(olicy)h(\034le.)46 b(If)31 b(there)f(are)905 4790 y(an)n(y)38 b(that)h(do)f(not)g(pass,)j(skip)d(to)h(the)g(next)f (p)r(olicy)h(\034le.)70 b(If)39 b(all)f(of)h(them)905 4889 y(pass,)32 b(or)f(there)g(are)g(no)g(selection)g(clauses,)h(adopt) g(the)g(curren)n(t)e(p)r(olicy)i(\034le)905 4989 y(as)27 b(authoritativ)n(e)f(for)h(the)h(pac)n(k)-5 b(age.)1926 5255 y(3)p eop %%Page: 4 4 4 3 bop 762 523 a Fe(\(c\))42 b(If)28 b(no)f(appropriate)f(p)r(olicy)i (\034les)f(are)g(found,)h(reject)f(the)h(pac)n(k)-5 b(age)26 b(as)h(ha)n(ving)905 623 y(a)g(bad)h(\(un)n(v)n(erify)n(able\))e (signature.)616 805 y(3.)41 b(Giv)n(en)25 b(the)f(appropriate)f(p)r (olicy)h(\034le,)h(the)g(c)n(hec)n(k)n(er)e(will)i(iterate)e(o)n(v)n (er)g(ev)n(ery)g(v)n(eri\034-)722 905 y(cation)k(clause)g(in)g(that)h (\034le.)36 b(If)28 b(all)f(of)g(them)h(pass,)f(the)g(pac)n(k)-5 b(age)26 b(is)h(considered)f(to)722 1005 y(pass)h(the)h(test.)37 b(If)28 b(an)n(y)e(of)i(them)g(fail,)f(the)h(pac)n(k)-5 b(age)26 b(is)h(considered)f(to)i(ha)n(v)n(e)e(failed)722 1104 y(the)k(test)g(and)f(pro)r(cessing)f(immediately)i(exits.)42 b(No)30 b(other)f(p)r(olicy)g(\034les)g(will)h(ev)n(er)722 1204 y(b)r(e)23 b(tested)g(after)g(this)g(p)r(oin)n(t.)35 b(If)23 b(the)g(p)r(olicy)g(\034le)g(con)n(tains)e(no)i(v)n (eri\034cation)e(clauses,)722 1303 y(it)28 b(will)g(b)r(e)g(rejected)g (as)e(in)n(v)-5 b(alid.)515 1486 y(It)22 b(is)g(p)r(ossible)f(that)h (other)f(pac)n(k)-5 b(age)21 b(v)n(eri\034ers)f(that)i(use)f(the)i (same)e(.deb)h(arc)n(hitecture)e(but)515 1586 y(di\033eren)n(t)29 b(v)n(eri\034cation)f(pro)r(cedures)g(ma)n(y)h(b)r(e)h(in)n(tro)r (duced)f(in)h(the)g(future.)43 b(This)30 b(section)515 1685 y(is)d(not)h(in)n(tended)g(to)f(imply)h(a)f(prohibition)g(against) g(suc)n(h.)515 1960 y Ff(5)131 b(File)44 b(Lo)t(cations)515 2142 y Fe(The)27 b(follo)n(wing)g(lo)r(cations)f(are)h(de\034ned)h(for) f(\034les)g(that)h(comprise)f(this)h(system:)639 2324 y Fd(\017)41 b Fe(/etc/debsigs/p)r(olicy/)p Fa(Origin-ID)8 b Fe(/*)16 b(con)n(tains)k(one)g(or)f(more)h(p)r(olicy)g(\034les)g (that)h(are)722 2424 y(to)g(b)r(e)g(applied)g(for)f(.debs)h(whose)f (Origin)f(k)n(ey)h(w)n(as)g(signed)g(b)n(y)g(the)i(Key)e(ID)h(as)f (listed)722 2524 y(in)30 b(the)g(path.)42 b(The)30 b(p)r(olicies)f(are) f(tried)i(in)g(a)f(non-deterministic)g(order)f(un)n(til)h(one)722 2623 y(matc)n(hes)35 b(the)i(selection)e(criteria.)60 b(Once)35 b(one)h(matc)n(hes)f(the)h(selection)f(criteria,)722 2723 y(the)f(success)e(or)g(failure)g(of)h(the)h(en)n(tire)e(c)n(hec)n (k)g(is)h(en)n(tirely)f(con)n(tingen)n(t)h(up)r(on)g(the)722 2822 y(success)c(or)g(failure)g(of)g(the)h(v)n(eri\034cation)e (clauses.)42 b(If)30 b(no)f(p)r(olicy)g(\034le)h(matc)n(hes)f(the)722 2922 y(selection)e(criteria,)g(then)h(the)g(en)n(tire)f(op)r(eration)f (is)i(determined)f(to)h(fail.)639 3088 y Fd(\017)41 b Fe(/usr/share/debsigs/k)n(eyrings/)o Fa(Origin-ID)8 b Fe(/)o(*)27 b(con)n(tains)32 b(one)h(or)f(more)h(k)n(eyrings)722 3188 y(that)21 b(are)e(used)i(b)n(y)f(the)g(p)r(olicy)g(\034les)h(for)e (the)i(giv)n(en)f(origin.)33 b(They)20 b(ma)n(y)g(b)r(e)h(symlinks)722 3287 y(to)29 b(k)n(eyrings)f(lo)r(cated)g(elsewhere)g(if)i(desired.)41 b(This)29 b(is)g(used)g(as)f(the)i(directory)e(for)722 3387 y(the)i(k)n(eyrings)d(in)i(the)h(RequiredSig)e(and)h(OptionalSig)f (lines)h(unless)g(an)g(absolute)722 3487 y(path)f(is)f(sp)r(eci\034ed)h (there.)515 3669 y(The)k(p)r(olicy)g(\034les)h(are)e(lo)r(cated)h(in)h (/etc)f(b)r(ecause)f(sites)i(ma)n(y)e(opt)i(to)f(alter)g(the)g (criteria)515 3769 y(for)27 b(installing)g(\034les)h(on)f(their)g (site.)37 b(The)28 b(k)n(eyrings)e(are)h(lo)r(cated)g(in)h(/usr/share)d (b)r(ecause)515 3869 y(they)g(should)g(not)g(b)r(e)h(altered)e(lo)r (cally)-7 b(.)35 b(Because)25 b(of)g(the)g(m)n(ulti-\034le)g(and)g(m)n (ulti-directory)515 3968 y(nature,)35 b(it)f(is)g(easy)f(for)g (organizations)e(to)j(pro)n(vide)e(pac)n(k)-5 b(ages)32 b(pro)n(viding)h(information)515 4068 y(for)28 b(v)n(eri\034cation)g (of)h(certain)g(things.)41 b(F)-7 b(or)29 b(instance,)g(Debian)h(could) f(pro)n(vide)f(a)h(debian-)515 4167 y 669 (debsigs-p)r(otato)d(pac)n(k)-5 b(age)26 b(whic)n(h)h(con)n(tains)g(a)g(p)r(olicy)h(\034le)f(and)h(a)f (p)r(otato)g(release)g(\034le.)37 b(It)515 4267 y(could)32 b(dep)r(end)h(on)g(debian-debsigs-main)e(pac)n(k)-5 b(age,)32 b(whic)n(h)h(con)n(tains)e(the)i(k)n(eyring)f(for)515 4367 y(the)26 b(origin)f(\034eld,)h(a)g(symlink)g(to)g(the)g(main)g (Debian)g(k)n(eyring)e(for)i(the)g(main)n(tainers)f(\034eld,)515 4466 y(and)i(a)g(dep)r(endency)h(on)f(debian-k)n(eyring.)1926 5255 y(4)p eop %%Page: 5 5 5 4 bop 515 523 a Ff(6)131 b(Related)43 b(Do)t(cumen)l(ts)515 755 y(References)515 936 y Fe([1])e(de)119 b(Win)n(ter,)142 b(Brenno.)118 b Fa(Gnu)113 b(Privacy)j(Guar)l(d)e(Mini)h(Howto)124 b Fe(at)644 1036 y(h)n(ttp://www.dewin)n(ter.com/gn)n(upg_ho)n (wto/english/.)515 1202 y([2])41 b(F)-7 b(ree)116 b(Soft)n(w)n(are)g(F) -7 b(oundation.)116 b Fa(The)d(GNU)f(Privacy)h(Handb)l(o)l(ok)127 b Fe(at)644 1302 y(h)n(ttp://www.gn)n(upg.org/gph/en/man)n(ual.h)n (tml.)515 1468 y([3])41 b(F)-7 b(ree)25 b(Soft)n(w)n(are)g(F)-7 b(oundation.)25 b Fa(gp)l(g)k(manp)l(age)k Fe(a)n(v)-5 b(ailable)24 b(on)h(lo)r(cal)g(systems)h(with)g(gpg)644 1567 y(or)h(at)g(h)n(ttp://www.gn)n(upg.org/gpgman.h)n(tml.)515 1734 y([4])41 b(Braakman,)143 b(Dorman,)i(et)122 b(al.)g Fa(Debian)117 b(Packaging)h(Manual)131 b Fe(at)644 1833 y(h)n(ttp://www.debian.org/do)r(c/pac)n(k)-5 b(aging-man)n(ua)o(ls/pa)o (c)n(k)g(a)o(ging.h)m(tml/.)515 1999 y([5])41 b(Quinlan,)245 b(Daniel.)202 b Fa(Filesystem)191 b(Hier)l(ar)l(chy)g(Standar)l(d)211 b Fe(at)644 2099 y(h)n(ttp://www.pathname.com/fhs/.)1926 5255 y(5)p eop %%Trailer end userdict /end-hook known{end-hook}if %%EOF 0