Harald Braumann <ha...@unheit.net> writes:
> On Wed, Mar 10, 2010 at 03:32:14PM +0100, Wouter Verhelst wrote:
>>
>> Having package.checksums be GPG-signed will take a significant change in
>> our infrastructure (buildd hosts, for instance, would need to have a way
>> to sign checksums files as well), so it's not going to happen
>> tomorrow.
That can be avoided by including a hash of the checksum file in the
Packages files. That would be a relatively minor change in
apt-ftparchive.
MfG
Goswin
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87aaue898o....@frosties.localdomain
