On Wed, Mar 10, 2010 at 03:32:14PM +0100, Wouter Verhelst wrote: > > Having package.checksums be GPG-signed will take a significant change in > our infrastructure (buildd hosts, for instance, would need to have a way > to sign checksums files as well), so it's not going to happen > tomorrow.
I was wondering about that. Unfortunately I'm quite ignorant of the details of the whole upload and build process. - Are all packages that end up in the archive built by the autobuilders, or can maintainers upload binary packages directly? - How are the Release files signed? Is it done automatically or manually? By whom? Cheers, harry -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100311173710.gc25...@nn.nn
