[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: What's happening with package signing?



Petr Cech replied:
> 
> > >From what I can see, not even the simplest suggestion has been implemented.
> > (i.e. signing the Packages.gz files)
> > 
> > Why?
> 
> No one showed the code?
> 

Um, I could "show the code" all I want, but:

	a) not being a maintainer
	b) not having access to the master box

I can't do much to help even if I wanted to.

I already have scripts that snarf the debian-devel-changes archives from the
website and turn them into a PGP-verified flat-file of md5sums.  It sure
makes it hard, though, when packages that are signed by keys not in the
debian-keyring package make it into the distribution... what is a poor
user supposed to do??

If signing Packages.gz is really only waiting for someone to write the
bash script, then tell me and I will write it!  Otherwise, the question
remains: why?

- Chris



Reply to: