[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debsign process

On Thu, 31 May 2001, Joey Hess wrote:

> It would be much nicer if bug #89094 could just be implemented. If gpg
> supported signing multiple files in one pass, one of the above could
> just use that support and we wouldn't have to worry about another
> security issue. (And for free we'd half the existing number of
> passphrase entries too..)

You can't sign both the .dsc and the .changes file in one pass.  You sign the
.dsc, then the .changes has to be updated with the correct md5sum, before it
is signed.

Reply to: