RE: New field proposed, UUID
> Your UUID is the pkg+version+arch. From my viewpoint it's as simple as
> that. Maybe the official policy needs to be updated so that it is clear
> that any change to the binary packages, including just compile time changes,
> requires a version update? That way you could change your "sigs" as often
> as you'd like but you would know that a particular build was a particular
Ben neglected to talk about the signing policy ....
You compile your package and upload it (signed by you) to unstable. 6 months
later, when we are ready to release the Release Manager has a Release Key and
the packages themselves are signed by this key. Using md5sums fail here
because the contents of the deb have changed (the sig was added). The version
number should not be bumped because there is no packaging change.