Archive signing

Marc Wiriadisastra strikeforce at
Thu Aug 4 21:28:00 CDT 2005

I personally think it should be implemented.  I'm not to worried about
the authenticity or the intention of the creators I just worry that
something might happen as it has done on other repositories and the only
thing that saved me from it was the signing of the packages.

I think its an important thing.

On Fri, 2005-08-05 at 02:55 +0100, Martin Meredith wrote:
> Hey there,
> just coming back to the whole thing of ... signing archives... I
> eventually managed to get my own personal archive signed, and I still
> think hoary-backports on the old server should be signed (along with
> hoary-extras)
> I'm willing to help implement this, and below is the script I managed to
> use to get my archive working as a signed archive
> Ok, so it's not pretty, but, it works, and I havent worked out how to
> get apt-ftparchive working properly yet to auto-generate everything, if
> anyone wants to let me know, feel free.
> So what do you people think - should this be implemented?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the ubuntu-backports mailing list