John Hasler <john@dhh.gt.org> writes: > I wrote: > > What do you suggest? Perhaps a signed file containing the md5sums in > > /usr/doc/package? That is something developers could just start doing. > > Rene Mayrhofer writes: > > Signed by whose key ? > > The developer's, of course. And how is he going to sign the alpha, m68k, sparc, hurd-* bins? In the future only sources will be uploaded. MfG, Goswin