> Your UUID is the pkg+version+arch. From my viewpoint it's as simple as
> that. Maybe the official policy needs to be updated so that it is clear
> that any change to the binary packages, including just compile time changes,
> requires a version update? That way you could change your "sigs" as often
> as you'd like but you would know that a particular build was a particular
> build.

Ben neglected to talk about the signing policy ... You compile your package and upload it (signed by you) to unstable. 6 months later, when we are ready to release, the Release Manager has a Release Key and the packages themselves are signed by this key. Using md5sums fails here because the contents of the deb have changed (the sig was added). The version number should not be bumped because there is no packaging change.
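
The mismatch described above, as an added example that is not part of the original message: a .deb is an ar archive, so appending a signature member changes the whole-file md5sum while the payload members stay byte-identical. The member name `_gpgorigin`, the `.tar.gz` member names, the SHA-256 payload digest and all sample bytes are assumptions constructed for illustration.

```python
import hashlib

AR_MAGIC = b"!<arch>\n"
PAYLOAD = ("debian-binary", "control.tar.gz", "data.tar.gz")

def ar_member(name, data):
    """One ar member: 60-byte header, data, newline pad to even length."""
    header = "{:<16}{:<12}{:<6}{:<6}{:<8}{:<10}`\n".format(
        name, 0, 0, 0, "100644", len(data)).encode("ascii")
    return header + data + (b"\n" if len(data) % 2 else b"")

def parse_ar(blob):
    """Return {member name: bytes}, rejecting truncated or corrupt input."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    members, pos = {}, len(AR_MAGIC)
    while pos < len(blob):
        header = blob[pos:pos + 60]
        if len(header) < 60 or header[58:60] != b"`\n":
            raise ValueError("corrupt ar header at offset %d" % pos)
        name = header[:16].decode("ascii").rstrip(" /")
        size = int(header[48:58].decode("ascii"))
        data = blob[pos + 60:pos + 60 + size]
        if len(data) != size:
            raise ValueError("truncated member %r" % name)
        members[name] = data
        pos += 60 + size + (size % 2)
    return members

def file_md5(blob):
    return hashlib.md5(blob).hexdigest()

def payload_digest(blob):
    """Digest over the package payload only; signature members are ignored."""
    members = parse_ar(blob)
    h = hashlib.sha256()
    for name in PAYLOAD:
        data = members[name]  # KeyError if a payload member is missing
        h.update(name.encode() + b"\0" + str(len(data)).encode() + b"\0" + data)
    return h.hexdigest()

def build_deb(sig=None):
    """Constructed sample package; the member contents are placeholder bytes."""
    parts = [ar_member("debian-binary", b"2.0\n"),
             ar_member("control.tar.gz", b"constructed control bytes"),
             ar_member("data.tar.gz", b"constructed data bytes")]
    if sig is not None:
        parts.append(ar_member("_gpgorigin", sig))  # assumed member name
    return AR_MAGIC + b"".join(parts)

uploaded = build_deb()
released = build_deb(sig=b"constructed release-key signature")
```

Comparing `file_md5` of the two archives shows the mismatch, while `payload_digest` gives the same value for both because it never reads the signature member.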