Wouter Verhelst writes ("Re: Facilitating external repositories"):
> - It may be GPG-signed by one or more keys. Apt should have a way of
>   configuring GPG keys that may be allowed to sign sources.list files,
>   preloaded with the set of keys in the Debian keyring. This will allow
>   system administrators in large environments to specify their own set
>   of keys allowed to sign repositories, as well as allowing downstreams
>   to add their own ways of trusting repositories.

The /name/ of the external repository should also be covered by the signature.

Ian.
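An added illustration of the point raised in this exchange (not part of the original thread and not apt code): a verifier that checks a signature over the sources.list body alone accepts the same file under any repository name, while one that signs a length-prefixed (name, body) pair rejects a renamed descriptor. HMAC-SHA256 stands in for a GPG signature so the sketch runs offline; the key id, secret, repository names and URL are constructed for the example.

```python
import hashlib
import hmac

# Constructed keyring of signers the administrator trusts (key id -> secret).
# Assumption: HMAC stands in for OpenPGP; a real tool would verify GPG signatures.
TRUSTED_KEYS = {"site-admin-key": b"constructed-demo-secret"}


def _mac(key_id: str, payload: bytes):
    """Return the hex MAC for payload, or None if the key is not trusted."""
    key = TRUSTED_KEYS.get(key_id)
    if key is None:
        return None
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def named_payload(name: str, body: str) -> bytes:
    """Length-prefix each field so different (name, body) pairs never
    serialize to the same bytes, as plain concatenation could."""
    fields = [name.encode("utf-8"), body.encode("utf-8")]
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def sign_body_only(key_id: str, body: str) -> str:
    return _mac(key_id, body.encode("utf-8"))


def sign_named(key_id: str, name: str, body: str) -> str:
    return _mac(key_id, named_payload(name, body))


def verify_body_only(key_id: str, name: str, body: str, sig: str) -> bool:
    # The name is displayed to the user but is NOT covered by the signature.
    expected = _mac(key_id, body.encode("utf-8"))
    return expected is not None and hmac.compare_digest(expected, sig)


def verify_named(key_id: str, name: str, body: str, sig: str) -> bool:
    # The name is part of the signed bytes, so changing it invalidates sig.
    expected = _mac(key_id, named_payload(name, body))
    return expected is not None and hmac.compare_digest(expected, sig)


# Constructed sample descriptor.
BODY = "deb http://repo.example.org/debian stable main\n"
NAME = "example-backports"

if __name__ == "__main__":
    weak = sign_body_only("site-admin-key", BODY)
    strong = sign_named("site-admin-key", NAME, BODY)
    print("body-only, renamed:", verify_body_only("site-admin-key", "other-name", BODY, weak))
    print("named, renamed:    ", verify_named("site-admin-key", "other-name", BODY, strong))
```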