> Or even better: what about a central debian maintainer key repository? This 
> repository could then be installed as a .deb package. And ONLY 
> _this_very_package_ would be signed with the debian über-key. And for every 
> other package to be installed, the public key would have to be in this the 
> locally installed key db. For being added to this db one would need the 
> approval of say, two already trusted debian maintainers. One could even make 
> a webinterface or something to automate this process.

As I see this ideas are not really original: There seem to be three packages 
for this functionality: 

debian-keyring
debsig-verify
debsigs

Do they deliver this functionality?

Marcel

-----

PGP / GPG Key:    http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc

Attachment: pgpaexc6WXOPl.pgp
Description: PGP signature

Reply via email to