Re: Revival of the signed debs discussion
* Goswin von Brederlow (firstname.lastname@example.org) [031204 15:10]:
> Andreas Barth <email@example.com> writes:
> > Ok?
> Sounds ok but the upload rules can be tightened much much later. First
> we have to get signing started, which means fixing apt-utils or
> debsigs or preferably both. And of cause change policy to
> allow/suggest it.
I want to know before going on a trip where this trip is suggested to
end. Of course, after knowing, we should really start with the first
steps. And these are, as you say:
- Fix apt-utils
- Sign md5sum-files instead of the concatenated binaries (to allow for
- Change policy
And don't forget: Start to sign as soon as the toolchain is ready for
PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C