Wouter Verhelst writes ("Re: Facilitating external repositories"):
> - It may be GPG-signed by one or more keys. Apt should have a way of
> configuring GPG keys that may be allowed to sign sources.list files,
> preloaded with the set of keys in the Debian keyring. This will allow
> system administrators in large environments to specify their own set
> of keys allowed to sign repositories, as well as allowing downstreams
> to add its own ways of trusting repositories.
The /name/ of the external repository should also be covered by the
signature.
Ian.
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive:
https://lists.debian.org/[email protected]
