Matthew Palmer <mpalmer@debian.org> writes:
> On Sat, Oct 30, 2004 at 12:00:16PM +0200, Marc 'HE' Brockschmidt wrote:
>> Matthew Palmer <mpalmer@debian.org> writes:
>> [...]
>> > If we can get individually-signed .debs, you won't even need to worry so
>> > much about getting the torrent files off a trusted mirror...
>> dpkg-sig exists. Use it :)
> Thanks for that, and I know all about it and sign all of my
> internally-generated .debs for work. However, I don't bother doing it for
> my Debian-uploaded ones because (a) anything built by an autobuilder won't
> have any sigs in it,
This will (hopefully) change when enough people use dpkg-sig.
> (b) most other developers aren't signing
Well, everybody can use this as a reason, but it's no problem to call
dpkg-sig instead of debsign. [1]
Marc
Footnotes:
[1] And i would be very happy if the dpkg-buildpackage and debuild
maintainers would add dpkg-sig support, at least as option.
--
$_=')(hBCdzVnS})3..0}_$;//::niam/s~=)]3[))_$(rellac(=_$({pam(esrever })e$.)4/3*
)e$(htgnel+23(rhc,"u"(kcapnu ,""nioj ;|_- |/+9-0z-aZ-A|rt~=e$;_$=e${pam tnirp{y
V2ajFGabus} yV2ajFGa&{gwmclBHIbus}gwmclBHI&{yVGa09mbbus}yVGa09mb&{hBCdzVnSbus';
s/\n//g;s/bus/\nbus/g;eval scalar reverse # <mailto:marc@marcbrockschmidt.de>
Attachment:
pgpLWuOGLy9r4.pgp
Description: PGP signature