Re: Official Debian digital 'branding' of debs

[Goswin Brederlow <goswin.brederlow@student.uni-tuebingen.de>]

John Hasler <john@dhh.gt.org> writes:

> Goswin Brederlow writes:
> > And how is he going to sign the alpha, m68k, sparc, hurd-* bins?
> 
> Whoever does the build could sign them, I suppose.  I don't really care: I
> was just trying to get some clarification on the point.

Its a build demon building those, so you have to export the pgp
password, which is realy unsafe on a networed system.

> > In the future only sources will be uploaded.
> 
> In the future we will have a fancy new dpkg with built-in security
> features.  Signing our packages seemed like something we could do now.  Oh
> well.

There are packages that are uploaded as source only, namely craft will 
be. The maintainer wants to see how well the autobuild demons cope
with it on all archs, so he will not upload any bins. Even if he would 
upload any, they would be alpha bins.

The Futurte is NOW. :)

MfG,
	Goswin