Re: [RFH] The need for signed packages and signed Releases (long, long)
On Tue, 12 Nov 2002 15:37:11 +0100
Javier Fernández-Sanguino Peña <email@example.com> wrote:
> - accept signatures in packages when uploading to the archive.
It would be convenient if the signature was a part of the package, so the
package can be checked where ever it goes, it could be an extra file in
the ar component of the deb.
It would only need to sign the control.tar.gz as the contents of the
data.tar.gz could be verified from the ./md5sums within control.tar.gz