On Wed, 2005-06-29 at 08:02 -0400, Lennart Sorensen wrote: > On Wed, Jun 29, 2005 at 12:52:47PM +0100, Andrei Mikhailovsky wrote: > > Has anyone anyone manage to make verification of packages/Release files > > work under amd64? > > > > Many thanks for any help > > I was under the impression the majority of packages in debian were not > signed, since no one has come up with a way for the buildd to sign a > package using a package maintainers key (and I imagine no one should try > either). Perhaps the package maintainers could (maybe some already do, > not sure) sign packages from the buildd when they are done, but I don't > think that is the case at the moment. Certainly I know debsigs just > didn't work very well before given how many packages were not signed. Why not give buildd its own user and gpg key, kept up-to-date by the debian sysadmins in the same way they maintain the root accounts, SSL certs, etc.? $0.02USD, -s
Attachment:
signature.asc
Description: This is a digitally signed message part