[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Revival of the signed debs discussion

* Goswin von Brederlow (brederlo@informatik.uni-tuebingen.de) [031204 15:10]:
> Andreas Barth <aba@not.so.argh.org> writes:

> > Ok?
> Sounds ok but the upload rules can be tightened much much later. First
> we have to get signing started, which means fixing apt-utils or
> debsigs or preferably both. And of cause change policy to
> allow/suggest it.

I want to know before going on a trip where this trip is suggested to
end. Of course, after knowing, we should really start with the first
steps. And these are, as you say:
- Fix apt-utils
- Sign md5sum-files instead of the concatenated binaries (to allow for
  reomte signing)
- Change policy

And don't forget: Start to sign as soon as the toolchain is ready for

   PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C

Reply to: