Archive signing
Marc Wiriadisastra
strikeforce at iinet.net.au
Thu Aug 4 21:28:00 CDT 2005
I personally think it should be implemented. I'm not to worried about
the authenticity or the intention of the creators I just worry that
something might happen as it has done on other repositories and the only
thing that saved me from it was the signing of the packages.
I think its an important thing.
On Fri, 2005-08-05 at 02:55 +0100, Martin Meredith wrote:
> Hey there,
>
> just coming back to the whole thing of ... signing archives... I
> eventually managed to get my own personal archive signed, and I still
> think hoary-backports on the old server should be signed (along with
> hoary-extras)
>
> I'm willing to help implement this, and below is the script I managed to
> use to get my archive working as a signed archive
>
> http://dev.kubuntu.org.uk/~mez/archive/gen.sh
>
> Ok, so it's not pretty, but, it works, and I havent worked out how to
> get apt-ftparchive working properly yet to auto-generate everything, if
> anyone wants to let me know, feel free.
>
> So what do you people think - should this be implemented?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.ubuntu.com/archives/ubuntu-backports/attachments/20050805/948f1662/attachment.pgp
More information about the ubuntu-backports
mailing list