On 7/1/21 2:19 PM, Jeremy Stanley wrote:
Also, as other's have stated, deb822 might be a cleaner way to express this.
I'm a little confused - I thought deb822 was just a generic format used in various places throughout Debian, including in the Release files. Where specifically would the signed-by information be stored? In the Release file as you said below, or somewhere on the user's machine?
On top of that, you can embed Signed-By fields with your key fingerprint in your repository's Release files, in order to highlight if someone gets an updated index which is signed by a different key than you previously indicated it should be. I think anything as recent as Stretch should support all of this.
Thanks. Our primary target is Ubuntu - does Ubuntu 18.04 support this? Kyle