Re: [RFH] The need for signed packages and signed Releases (long, long)
On Wed, Nov 13, 2002 at 02:03:55AM +1100, Glenn McGrath wrote:
> On Tue, 12 Nov 2002 15:37:11 +0100
> Javier Fernández-Sanguino Peña <firstname.lastname@example.org> wrote:
> > - accept signatures in packages when uploading to the archive.
> It would be convenient if the signature was a part of the package, so the
> package can be checked where ever it goes, it could be an extra file in
> the ar component of the deb.
AFAIK this is already possible (and debsig-verify uses it). The
problem is that we are not using it. I do not know the details, however.