On Sat, Jan 26, 2008 at 10:14:56PM +0100, Frank Lichtenheld wrote: > The whole thing honestly doesn't do much for security anyway until the gpg > support of dpkg-source is largely improved. For that I have no real concept > yet, though.
Well, apt verifies them when it downloads the source before passing it to dpkg to unpack; and there's also verification when entering the archive in the first place, and manual verification at other times (eg, when the archive gets compromised). Cheers, aj
signature.asc
Description: Digital signature
