On Tue, Dec 02, 2014 at 07:06:35PM +0100, Evgeni Golov wrote:
> On Tue, Dec 02, 2014 at 06:49:00PM +0100, Salvatore Bonaccorso wrote:
> > I would suggest not to do that. If you have both the dsc and the
> > changes file signed someone could upload the package.
>
> How should someone then verify that the package is indeed prepared by
> me? people.d.o has HTTPS, but I do not always use this for pre-builds.

Two possibilities come to my mind:

1. By you adding the md5sum of the files to a signed gpg mail announcing them.
2. By using an invalid entry for Distribution: in the .changes, then re-signing with the correct one for upload.

Michael