Re: packages authenticity
On Mon, Apr 02, 2001 at 04:02:14PM +0200, Stefan Alfredsson wrote:
> Quoting Guus Sliepen <firstname.lastname@example.org> [30 Mar-01 15:22]:
> > On Fri, Mar 30, 2001 at 02:56:53PM +0200, Tamas SZERB wrote:
> > > Hi, I was wondering it there is any authenticity checking for the debian
> > > package, because we signed the md5sum file with our gpg/pgp key, but how can
> > > the user to make sure if these signs belogs to the valid package maintainer?
> > Well the user can get the key from the public key servers and run gpg/pgp on it.
> or apt-get install debian-keyring, to get every developer sigs at one
> time :)
That was quite out of date last I checked.