Adrian Bunk wrote: > There's another possibility that I do use together with my sponsor > Tony Mancill: > > I build the package unsigned: > > dpkg-buildpackage -rfakeroot -us -uc > > And my sponsor only signs the package using debsign (and doesn't rebuild > it). There's still my name in the maintainer field of the changes file, > but the package is accepted because it is signed by my sponsor.
Technically, that works. In theory, one could argue that the person who signs the package should be the one to compile to be sure of what is being compiled (it's easier to inspect the .diff file and makes sure it's not trying to delete a user's hard drive for a drastic example). But that's a matter of trust, which I'm not questioning wrt you and your sponser. Peter
