Ben Collins wrote:
> Known problems, each .deb signed requires you to enter your passphrase
> twice (once for each member), which gets really old after the second or
> third package. Any help with getting around this would be nice.

If you instead generated a file containing the md5sums of the control.tar
and data.tar, you could sign it and only need to sign things once. I suppose
this is just a little less secure, since a md5sum probably doesn't give as
many bits of checksum data as does a pgp signature. Still, we already use
this technique in .dsc files..

-- 
see shy jo
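The single-signature scheme suggested in the reply above, as an added example that is not part of the original message or of any Debian tool: it reads the ar members of a .deb, writes one digest line per control/data member, and checks a package against that manifest. The manifest layout, the function names and the in-memory sample archive are assumptions; the one PGP signature would be made over the manifest text outside this code.

```python
import hashlib
import io

AR_MAGIC = b"!<arch>\n"

def ar_members(blob):
    """Yield (name, data) for each member of an ar archive (the .deb container)."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos = len(AR_MAGIC)
    while pos + 60 <= len(blob):
        header = blob[pos:pos + 60]
        if header[58:60] != b"`\n":
            raise ValueError("bad ar member header")
        name = header[0:16].decode("ascii").rstrip(" /")
        size = int(header[48:58].decode("ascii").strip())
        start = pos + 60
        if start + size > len(blob):
            raise ValueError("truncated member")
        yield name, blob[start:start + size]
        pos = start + size + (size & 1)  # member data is padded to an even offset

def build_manifest(deb_bytes, algo="md5"):
    """One 'digest  member' line per control/data member; this text is signed once."""
    lines = []
    for name, data in ar_members(deb_bytes):
        if name.startswith(("control.tar", "data.tar")):
            lines.append(f"{hashlib.new(algo, data).hexdigest()}  {name}")
    return "\n".join(lines) + "\n"

def verify_manifest(deb_bytes, manifest, algo="md5"):
    """True only if every listed member still hashes to the manifest value."""
    return build_manifest(deb_bytes, algo) == manifest

def make_ar(members):
    """Build a small ar archive in memory (constructed sample input)."""
    out = io.BytesIO()
    out.write(AR_MAGIC)
    for name, data in members:
        hdr = f"{name + '/':<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}"
        out.write(hdr.encode("ascii") + b"`\n" + data + (b"\n" if len(data) % 2 else b""))
    return out.getvalue()

# Constructed sample package: member contents are placeholders, not real tarballs.
SAMPLE_DEB = make_ar([("debian-binary", b"2.0\n"),
                      ("control.tar.gz", b"constructed control"),
                      ("data.tar.gz", b"constructed data!")])
```

A verifier checks the signature on the manifest first and only then calls `verify_manifest`; passing `algo="sha256"` swaps the digest without changing the flow.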

