Re: Official Debian digital 'branding' of debs
Manoj Srivastava <email@example.com> writes:
> >>"Rene" == Rene Mayrhofer <firstname.lastname@example.org> writes:
> To compromise the security, one would have to not only have
> compromised the master key, one would have had to compromise the
> debian keyring package, which is also signed by the maintainer.
How would that make Deb files more secure (apart from the keyring
package itself)? Or is the md5sum in the packages file secure enough?
PS: The md5sums should be on the unpacked contents of the deb file,
i.e. the control.tar and data.tar.