On Wed, Mar 17, 2010 at 08:58:28AM +0100, Goswin von Brederlow wrote: > I don't think signing the checksum file itself will be feasable as that > would alter the contents of the deb and change the checksums in the > changes files autobuilders send the admin for signing. It would break > the existing signing infrastructure for autobuilders. It would also > require running dpkg-genchanges again during signing or otherwise adjust > the checksums in the changes file.
It should be signed at build time, just after dh_shasums and then the sig file packaged together with all the other files. I don't see a problem with that. Or maybe I'm not getting something here? Cheers, harry -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100317114158.ga17...@nn.nn
