On Thu, Nov 24, 2005 at 11:54:33AM +1000, Anthony Towns wrote: > On Wed, Nov 23, 2005 at 04:37:05PM -0200, Henrique de Moraes Holschuh wrote: > > On Thu, 24 Nov 2005, Anthony Towns wrote: > > > Personally, I think it's cryptographic snake oil, at least in so far > > A signed deb has a seal of procedence and allows one to track the path it > > made through the system, and who changed it. > > That's what the .changes file is for. Only possible if the .changes file is still accessable, and going through the d-d-c archives isn't exactly convenient. On that score, the description for d-d-c says that it includes buildd logs, but a quick scroll through doesn't appear to find any. Are they sent somewhere else now, or am I just going blind? Certainly, if we're going to be verifying binary packages from the .changes files, we need to have all of the buildd .changes files available in an archive *somewhere*. - Matt
Attachment:
signature.asc
Description: Digital signature