> Or even better: what about a central debian maintainer key repository? This
> repository could then be installed as a .deb package. And ONLY
> _this_very_package_ would be signed with the debian über-key. And for every
> other package to be installed, the public key would have to be in this
> locally installed key db. For being added to this db one would need the
> approval of say, two already trusted debian maintainers. One could even make
> a web interface or something to automate this process.

As I see, these ideas are not really original. There seem to be three packages for this functionality:

debian-keyring
debsig-verify
debsigs

Do they deliver this functionality?

Marcel
-----
PGP / GPG Key: http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc