Any objections to the proposed design for this feature?
- deb [key=0x1AB52325534,0x3475BDF478] ...
Only accept signatures by one of the listed fingerprints
- deb [keyring=foobar.gpg] ...
Use foobar.gpg to verify the signatures and only foobar.gpg.
deb [trust=always|never] ....
Ignore the Release signature and just always or never trust the
source. "always" would be for file:// or sources on the local
network where you don't care if it is unsigned. "never" would be for
repositories you want to always be asked before they are used and
which should not replace packages from more trusted repositories.
MfG
Goswin
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
