Matthew Palmer <[EMAIL PROTECTED]> writes: > On Sat, Oct 30, 2004 at 12:00:16PM +0200, Marc 'HE' Brockschmidt wrote: >> Matthew Palmer <[EMAIL PROTECTED]> writes: >> [...] >> > If we can get individually-signed .debs, you won't even need to worry so >> > much about getting the torrent files off a trusted mirror... >> dpkg-sig exists. Use it :) > Thanks for that, and I know all about it and sign all of my > internally-generated .debs for work. However, I don't bother doing it for > my Debian-uploaded ones because (a) anything built by an autobuilder won't > have any sigs in it,
This will (hopefully) change when enough people use dpkg-sig.
> (b) most other developers aren't signing
Well, everybody can use this as a reason, but it's no problem to call
dpkg-sig instead of debsign. [1]
Marc
Footnotes:
[1] And i would be very happy if the dpkg-buildpackage and debuild
maintainers would add dpkg-sig support, at least as option.
--
$_=')(hBCdzVnS})3..0}_$;//::niam/s~=)]3[))_$(rellac(=_$({pam(esrever })e$.)4/3*
)e$(htgnel+23(rhc,"u"(kcapnu ,""nioj ;|_- |/+9-0z-aZ-A|rt~=e$;_$=e${pam tnirp{y
V2ajFGabus} yV2ajFGa&{gwmclBHIbus}gwmclBHI&{yVGa09mbbus}yVGa09mb&{hBCdzVnSbus';
s/\n//g;s/bus/\nbus/g;eval scalar reverse # <mailto:[EMAIL PROTECTED]>
pgpSXg4Iopaqh.pgp
Description: PGP signature
