Hi, in response to bug#752134 I implemented a little sha256sums $(find|grep) logic to create a file "extrafiles" in the top level of our mirror tree. The intention is to list all files that, unlike Packages and their files, aren't otherwise verifyable via existing signatures already. This appears in all our public archives, that is, main archive, debian-debug as well as the old backports archive for squeeze. I hope I catch all files, improvements always welcome, the logic is in dak[1], file dinstall.functions, function "signotherfiles". The important part is: sha256sum $(find * -type f | egrep -v '(pool|i18n|dep11|source)/|Contents-.*\.(gz|diff)|installer|binary-|(In)?Release(.gpg)?|\.changes') [1] Clone from https://ftp-master.debian.org/git/dak.git/ -- bye, Joerg <liw> we have release cycles, that's why it takes so long to get a release out; if we had release race cars, things would go a lot faster
Attachment:
signature.asc
Description: PGP signature