On Mittwoch, 16. Juli 2014, Hans-Christoph Steiner wrote:
> What I'm talking about already exists in Debian, but is rarely used.
> dpkg-sig creates a signature that is embedded in the .deb file. So that
> means no matter how the .deb file got onto a system, that signature can be
> verified. I'm proposing to start making dpkg-sig a standard part of
> official .deb files. This can be done in stages to make it manageable.
> Here's a rough idea of that:
how about you file a bug against dpkg-sig and put your plan and justification in there. Here on the mailinglist it will just be lost...
Description: This is a digitally signed message part.