Re: Bug#540215: Introduce dh_checksums
On Wed, Mar 17, 2010 at 08:58:28AM +0100, Goswin von Brederlow wrote:
> I don't think signing the checksum file itself will be feasable as that
> would alter the contents of the deb and change the checksums in the
> changes files autobuilders send the admin for signing. It would break
> the existing signing infrastructure for autobuilders. It would also
> require running dpkg-genchanges again during signing or otherwise adjust
> the checksums in the changes file.
It should be signed at build time, just after dh_shasums and then the
sig file packaged together with all the other files. I don't see a
problem with that. Or maybe I'm not getting something here?