[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits from the ftpmasters

Le Dim 20 Février 2005 22:42, Goswin von Brederlow a écrit :
> Pierre Habouzit <pierre.habouzit@m4x.org> writes:
> >> It's a little OT, but I think that the upload mechanisms should be
> >> enhanced a little to be able to *certify* that a package has been
> >> reviewed by many DD. the Uploaders field is not signed, and is not
> >> trustfully. I guess this should be a really interesting
> >> information (even not for OT)
> >
> > enven not for NEW ... sorry
> Multiple signatures in the changes file? Does gpg allow that in a way
> the existing scripts would still cope with? Maybe it is as simple as
> that.

AFAIK, there is a gpg sig in the .dsc too.
but instead of signing the same files twice, I belive it is easier to 
upload the changes and the dsc multiple time, or to change the .dsc 
and .changes into directories containing multiple files.

there is a lot of easy solutions, that shouldn't change current tools 
that much (for the user, a uniq gpg signature is enough, so it require 
"only" to hack the debsign and al scripts, and the katie and al 
·O·  Pierre Habouzit
OOO                                                http://www.madism.org

Attachment: pgpTdVb2jeRec.pgp
Description: PGP signature

Reply to: