On Tue, Jul 15, 2014 at 12:24 AM, Hans-Christoph Steiner wrote: > I agree that .deb packages should be individually signed ... > This has been discussed in the past. I really think it is just a > matter of someone doing the work.
The work has been done many years ago and has been in the archive for ages but has probably bitrotten since apt repo signing won (mostly, some derivatives don't sign their repos) and now no-one uses deb signing (probably). The packages are dpkg-sig debsigs debsig-verify. -- bye, pabs https://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAKTje6Fk+8zDHmQRsqYLDe0ABAb8q2OMrnRmvyhp2OyYFe=w...@mail.gmail.com