Re: Packages and signatures
>>>>> " " == Bernd Eckenfels <firstname.lastname@example.org> writes:
> On Fri, Jan 19, 2001 at 10:07:56AM +0100, Goswin Brederlow
>> The point is that it would give no extra security atop of the
>> trust you can have in the autobuilders anyway.
> It will give additional security since corruption on the way from
> master to the user (i.e. mirror or cd) will be detected.
Sign the Packages files, which contain the md5sum.
That could be done on a more secure server than the autobuilder.
And the autobuilder should upload packages via ssh to prevent
tampering on that side.
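
The check this scheme gives the user, as an added example that is not part of the original mail: once the Packages file's signature has been verified (assumed done beforehand, e.g. with gpg, and not shown), each downloaded package is compared against the size and md5sum listed in it. The package name, path and contents below are constructed sample data, and `parse_packages` and `check_download` are hypothetical helper names.

```python
import hashlib

# Constructed sample data: a stand-in package and the Packages stanza describing it.
DEB_BYTES = b"constructed stand-in for the contents of hello_1.0-1_i386.deb\n"
FILENAME = "pool/main/h/hello/hello_1.0-1_i386.deb"
PACKAGES_TEXT = (
    "Package: hello\n"
    "Version: 1.0-1\n"
    f"Filename: {FILENAME}\n"
    f"Size: {len(DEB_BYTES)}\n"
    f"MD5sum: {hashlib.md5(DEB_BYTES).hexdigest()}\n"
    "Description: constructed example entry\n"
    " continuation line of the description\n"
)

def parse_packages(text):
    """Map each stanza's Filename to its fields. Assumes text is already signature-checked."""
    index = {}
    for stanza in text.strip().split("\n\n"):
        fields, last = {}, None
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t"):  # continuation of the previous field
                if last:
                    fields[last] += "\n" + line.strip()
                continue
            key, sep, value = line.partition(":")
            if sep:
                last = key.strip()
                fields[last] = value.strip()
        if "Filename" in fields:
            index[fields["Filename"]] = fields
    return index

def check_download(index, filename, data):
    """Compare bytes fetched from a mirror or CD against the signed index entry."""
    entry = index.get(filename)
    if entry is None:
        return "not listed in signed index"
    if "Size" not in entry or "MD5sum" not in entry:
        return "entry lacks size or checksum"
    if len(data) != int(entry["Size"]):
        return "size mismatch"
    if hashlib.md5(data).hexdigest() != entry["MD5sum"].lower():
        return "md5sum mismatch"
    return "ok"

if __name__ == "__main__":
    index = parse_packages(PACKAGES_TEXT)
    print(check_download(index, FILENAME, DEB_BYTES))
```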