On Tue, May 13, 2003 at 08:30:03AM +0100, Mark Brown wrote: > On Tue, May 13, 2003 at 01:29:00AM +0100, Colin Watson wrote: > > On Mon, May 12, 2003 at 05:41:40PM -0600, Jack Moffitt wrote: > > > Perhaps an easy thing to do would just be to show whether or not a > > > pckage is signed by a key which is signed by a real debian developer. > > > Surely getting that signature is the whole point of the system in the > > first place? > > I think the suggestion is that the key signing the package is signed by > a developer, not that the package itself is signed.
Oh yes; thanks, I misread. I'm still not sure it's practical, though; in practice, people do try to do development before getting their identity check sorted out. -- Colin Watson [EMAIL PROTECTED]