(Please don't use overly long lines, it makes text hard to read). Previously Javier Fern?ndez-Sanguino Pe?a wrote: > A far better scheme was the one proposed by Wichert (signing > only one file: Packages.gz and stablish a trust relationship > like this):
FWIW, I didn't propose it I just described it. I suspect the idea came from Jason Gunthorpe. > - When I update my system I download a Packages.gz file which is properly signed by a > well-known authority (Ben? Wichert? James?) and distributed to the mirrors It won't be a persons key but a special archive or release key. > From what I know, this will be supported scheme in the next release. Well, afaik base is frozen and the current released version of apt doesn't do that yet.. Wichert. -- _________________________________________________________________ [EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED] http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
