Re: [ANNOUNCE] experiemental dpkg available
Ben Collins wrote:
> Known problems, each .deb signed requires you to enter your passphrase
> twice (once for each member), which get's really old after the second or
> third package. Any help with getting around this would be nice.
If you instead generated a file containing the md5sums of the control.tar
and data.tar, you could sign it and only need to sign things once. I suppose
this is just a little less secure, since a md5sum probably doesn't give an
many bits of checksum data as does a pgp signature. Still, we already use
this technique in .dsc files..
see shy jo