martin f krafft wrote: > Dear colleagues, > > when did Debian start requiring signed uploads to the archive? I can > find references on the lists pointing to October 1997, and I know it > was before 1999, but I can't figure out when exactly it became > a requirement. > > Could anyone please point me in the right direction? It wasn't necessary for the first packages I uploaded in August 1996. Quoting Bruce Perens: | Please set Joey up as a developer. | | Joey, | | Once you have your master.debian.org login from Simon, please create | a .changes file using "dchanges", and upload the .tar.gz, .diff.gz, .deb, | and .changes files for your packages to | ftp://master.debian.org/home/Debian/ftp/private/project/Incoming No mention of keys, or other authentication. Note that this mail also predated .dsc files; the "new"[1] source format adding dsc files was introduced later that year, and presumably we began using pgp to sign them at some point after that. -- see shy jo [1] As opposed to my new new source format.
Attachment:
signature.asc
Description: Digital signature