Re: packages authenticity
Quoting Guus Sliepen <email@example.com> [30 Mar-01 15:22]:
> On Fri, Mar 30, 2001 at 02:56:53PM +0200, Tamas SZERB wrote:
> > Hi, I was wondering it there is any authenticity checking for the debian
> > package, because we signed the md5sum file with our gpg/pgp key, but how can
> > the user to make sure if these signs belogs to the valid package maintainer?
> Well the user can get the key from the public key servers and run gpg/pgp on it.
or apt-get install debian-keyring, to get every developer sigs at one