In article <[🔎] 19990610182337.A30502@snoopy.apana.org.au> you write: >Comments: > >1. What happens in the case a package is signed by someone who is not >the maintainer? Would this be allowed? Let me rephrase that (I didn't make myself too clear): 1. What happens in the case a package is signed by someone who is not the active maintainer for that package but who is a Debian maintainer? Would this be allowed (eg non-maintainer-uploads)? >2. Is it desirable to prevent the Packages file from being tampered with? I think that this is important - eg somebody could tamper with this file and damage Debian's name. -- Brian May <bam@snoopy.apana.org.au>
Attachment:
pgpRMv_V5HKw1.pgp
Description: PGP signature