Re: What's happening with package signing?
Petr Cech replied:
>
> > >From what I can see, not even the simplest suggestion has been implemented.
> > (i.e. signing the Packages.gz files)
> >
> > Why?
>
> No one showed the code?
>
Um, I could "show the code" all I want, but:
a) not being a maintainer
b) not having access to the master box
I can't do much to help even if I wanted to.
I already have scripts that snarf the debian-devel-changes archives from the
website and turn them into a PGP-verified flat-file of md5sums. It sure
makes it hard, though, when packages that are signed by keys not in the
debian-keyring package make it into the distribution... what is a poor
user supposed to do??
If signing Packages.gz is really only waiting for someone to write the
bash script, then tell me and I will write it! Otherwise, the question
remains: why?
- Chris
Reply to: