Lalo Martins <lalo@webcom.com> writes: > OTOH, we could just sign all packages with a same key ("the > Debian key"); when dinstall verifies the signature and md5sum in > the .changes file, it signs the package and updates > Packages.pgp). I prefer this method. Then we have less key distribution worries. Cheers, - Jim