[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dpkg-sig support wanted?

Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de> writes:

> The archive signing key gives absolutely no integrity ensurance on the
> deb package. The only thing it insures is that the file was not
> altered _after_ leaving ftp.de.debian.org for the mirrors and/or
> user. In no way does it prevent altering the deb on ftp-master.

Isn't that a useful assurance?  Perhaps I trust the maintenance of
ftp-master, but not the maintenance of Joe Random Mirror.

Reply to: