Le Dim 20 Février 2005 22:42, Goswin von Brederlow a écrit : > Pierre Habouzit <pierre.habouzit@m4x.org> writes: > >> It's a little OT, but I think that the upload mechanisms should be > >> enhanced a little to be able to *certify* that a package has been > >> reviewed by many DD. the Uploaders field is not signed, and is not > >> trustfully. I guess this should be a really interesting > >> information (even not for OT) > > > > enven not for NEW ... sorry > > Multiple signatures in the changes file? Does gpg allow that in a way > the existing scripts would still cope with? Maybe it is as simple as > that. AFAIK, there is a gpg sig in the .dsc too. but instead of signing the same files twice, I belive it is easier to upload the changes and the dsc multiple time, or to change the .dsc and .changes into directories containing multiple files. there is a lot of easy solutions, that shouldn't change current tools that much (for the user, a uniq gpg signature is enough, so it require "only" to hack the debsign and al scripts, and the katie and al scripts) -- ·O· Pierre Habouzit ··O OOO http://www.madism.org
Attachment:
pgpTdVb2jeRec.pgp
Description: PGP signature