A few humble questions related to packaging signing: * I make binary deb packages available for my projects from my Web site, but I also wanted to make the deb source files available, so that people can wrap their own binary debs for other architectures. I know that they need the *.orig.tar.gz file, the *.dsc file, and the *.debian.tar.gz file. However, what are the relevance of the *.changes files? * I haven't been signing the source files, because my code signing keys are on a separate system, which happens to be a non-debian system. I understand that the "debsign" program is for this purpose. Is debsign it's own project, or is it part of some other package? (So I can download it to my non-debian system.) Also, relating to the previous question: do I need debsign (for adjusting the changes files as well) or is it enough to run some gpg signing command on the .dsc file? -- frigidcode.com indicium.us
Attachment:
signature.asc
Description: OpenPGP digital signature