Re: Bug#540215: Introduce dh_checksums
On Wed, Mar 10, 2010 at 03:32:14PM +0100, Wouter Verhelst wrote:
> Having package.checksums be GPG-signed will take a significant change in
> our infrastructure (buildd hosts, for instance, would need to have a way
> to sign checksums files as well), so it's not going to happen
I was wondering about that. Unfortunately I'm quite ignorant of the
details of the whole upload and build process.
- Are all packages that end up in the archive built by the autobuilders, or can maintainers
upload binary packages directly?
- How are the Release files signed? Is it done automatically or
manually? By whom?