Re: concrete steps for improving apt downloading security and privacy
On Tue, Jul 15, 2014 at 12:24 AM, Hans-Christoph Steiner wrote:
> I agree that .deb packages should be individually signed
> This has been discussed in the past. I really think it is just a
> matter of someone doing the work.
The work has been done many years ago and has been in the archive for
ages but has probably bitrotten since apt repo signing won (mostly,
some derivatives don't sign their repos) and now no-one uses deb
signing (probably). The packages are dpkg-sig debsigs debsig-verify.