[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dpkg-sig support wanted?

Anthony Towns <aj@azure.humbug.org.au> writes:

> .deb signatures are aimed at giving users some sort of assurance the
> package is "valid"; but when you actually look into it -- at least in
> Debian's circumstances -- those signatures can't actually give any
> meaningful assurance for any specific validity.

Don't they give the user the assurance that a Debian developer was
responsible for building and providing the package?

Reply to: