* Marc Brockschmidt: > Today (or last night, whatever), the dak installation on ftp-master was > changed to not accept packages that include more than 3 parts, which are > usually the binary version and the compressed control and data > tarballs. This means that signed binary packages are rejected.
This is a pity. I think dpkg-sig is an important step into the right direction: providing more assurances about package integrity to our users. I'm confused about the status of the dak change, though. The dak mirror on merkel does not show any modifiations of the jennifer script since May 31. The diff at <http://cvs.debian.org/dak/jennifer?root=dak&r1=1.56&r2=1.57> shows that the additional check was *removed*, not *added* more than a week ago. Therefore, the dak CVS does not reflect what's actually in production use. Since there is no way for Debian Developers to review the way Debian packages are created (and it's totally out of question for end users), something that provides DD-to-user package signatures at least in some cases is very desirable indeed. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]