Re: Official Debian digital 'branding' of debs
>Since I work in a very security aware environment I would
>like every debian binary to also be PGP signed.
All this really requires is saving the "changes" file that is
submitted with every binary upload. It includes the length and an
md5sum of the .deb file. The .changes file is signed by the
Come to think of it, those files are supposed to be posted to
debian-changes (for stable) or debian-devel-changes (for unstable) so
they should be archived at http://www.debian.org/support.html. (My
own uploads do not seem to be included, for some reason.) Making the
information more accessible would help, of course.
- Jim Van Zandt