Re: changes file format
> It's important that the distribution channels for the MD5 checksum
> information and the files themselves remain separate. (For this
> reason I think that putting the MD5 checksums in the Incoming
> directory itself is bad - there should be a separate administrative
This is why I had proposed to PGP-sign the .changes files as a method of
verifying their authenticity. The program that processed the .changes files
would check them against the purported author's public key.
If I understand you correctly, you are proposing to have a write-only upload
directory for the .changes files .