Re: Wishlist for woody+1
I also think that signed packages are a very important feature for the
future. but someone once pointed out that you also need to sign and
check the Release and Package files (signed they already are).
Is anyone working on the whole matter? could she need a helping hand?
On Sun, May 26, 2002 at 05:07:47PM -0400, Mike Furr wrote:
> On Sun, 2002-05-26 at 06:05, Marc Haber wrote:
> > - apt actually checking a package's signature, given a keyring
> > containing keys of maintainers whose packages are to be accepted
> > (being the Debian keyring by default, but being locally modifyable).
> debsigs and debsig-verify already exist, getting apt to use them
> shouldn't be hard. What is needed is to get the policy in place, so
> that more than just a handful of packages are signed.
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org