Guidance, with my first deb, I seekj

Matt Zimmerman mdz at ubuntu.com
Sat May 28 12:19:34 CDT 2005


On Sat, May 28, 2005 at 09:17:44AM -0400, Jeff Bailey wrote:

> Le vendredi 27 mai 2005 à 21:48 -0700, Matt Zimmerman a écrit :
> > > It looks like your i386 box doesn't have gnupg installed, or you have no
> > > GPG key on that machine. When doing test builds, I normally build with
> > > the -uc -us options to suppress signing.
> > 
> > One Of These Days that really ought to become the default.  Signing should
> > be part of the upload process, not the build process.
> 
> I disagree - I like to know that an instance of the build that I have
> sitting there is signed and stable - then I can scp it to someplace else
> and be able to trust its integrity.

Sure, but I don't want that for _every_ build, only a small fraction of
them.  That's why I don't think it should sign by default (though an option
should be provided to sign the result).

-- 
 - mdz



More information about the ubuntu-devel mailing list