Re: dpkg-sig support wanted?
Goswin von Brederlow <firstname.lastname@example.org> writes:
> The archive signing key gives absolutely no integrity ensurance on the
> deb package. The only thing it insures is that the file was not
> altered _after_ leaving ftp.de.debian.org for the mirrors and/or
> user. In no way does it prevent altering the deb on ftp-master.
Isn't that a useful assurance? Perhaps I trust the maintenance of
ftp-master, but not the maintenance of Joe Random Mirror.