In article <[🔎] 878xal4nlw.fsf@informatik.uni-tuebingen.de> you wrote: > Then they can wget the Release.gpg file, Release file, Packages file > and check each in turn. Their choice. Which is much more complicated than checking a given fingerprint (which is very usual for Advisories) Gruss Bernd