Re: [RFH] The need for signed packages and signed Releases (long, long)
On Wed, Nov 13, 2002 at 02:03:55AM +1100, Glenn McGrath wrote:
> On Tue, 12 Nov 2002 15:37:11 +0100
> Javier Fernández-Sanguino Peña <firstname.lastname@example.org> wrote:
> > - accept signatures in packages when uploading to the archive.
> It would be convenient if the signature was a part of the package, so the
> package can be checked where ever it goes, it could be an extra file in
> the ar component of the deb.
This is already done and available in the debsigs package that I wrote for
Progeny (now maintained by Branden, it looks like). What's all this wheel
> It would only need to sign the control.tar.gz as the contents of the
> data.tar.gz could be verified from the ./md5sums within control.tar.gz
> To UNSUBSCRIBE, email to email@example.com
> with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org