Hi, Where can I find an uptodate description of exactly how PGP is used by APT in packaging? I can't find the source any more but I got the impression that the individual packages were not signed but merely checksummed and that the list of checksums was the only thing that was actually signed. What is the real situation? Regards, /Lars