Re: dpkg-sig support wanted?
On 11/25/05, Matthew Palmer <email@example.com> wrote:
> Of course, using the signature on the .changes to verify the .debs
> independent from the archive at some later date is a nice side-benefit, but
> one which suffers from the same key-lifetime issues as in-deb signatures,
What exactly is this key lifetime issue?
Is it a cryptographic issue?
> and since the .changes from autobuilt uploads aren't publically available
> (apparently d-d-$arch-changes isn't archived, from info previously posted in
> this thread) that method of package authentication isn't going to be 100%
> reliable anyway.