On Wed, Mar 10, 2010 at 03:32:14PM +0100, Wouter Verhelst wrote: > > Having package.checksums be GPG-signed will take a significant change in > our infrastructure (buildd hosts, for instance, would need to have a way > to sign checksums files as well), so it's not going to happen > tomorrow.
I was wondering about that. Unfortunately I'm quite ignorant of the details of the whole upload and build process. - Are all packages that end up in the archive built by the autobuilders, or can maintainers upload binary packages directly? - How are the Release files signed? Is it done automatically or manually? By whom? Cheers, harry -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
