On Mon, 07 May 2001 17:02:39 +0200, Marc Haber <[EMAIL PROTECTED]> wrote: > Hi, > > my personal workstation is little more than an X terminal, while I do > most of my work on a central box where my home directory is located. > Thus, I build my packages on that central box as well. Naturally, I > don't intend to put my GPG key on that central machine and keep it on > the local hard disk of my personal workstation. > > Now, how do I sign my Debian packages with that setup? Do I see it > correctly that it is the .dsc file for the source and the .changes > file for the binary package that get signed, pinning the MD5 sums of > the package files to my e-mail address? > > Is this straightforward as running gpg --clearsign --armor on the > .changes and .dsc file, renaming the resulting *.changes.asc and > *.dsc.asc to *.changes and *.dsc as dpkg-buildpackage suggests? > > Is this: [snip] > a validly signed .changes file? > > Any hints will be appreciated. If its a debian box -> man debsign
Dennis -- "Contrary to popular belief, UNIX is a user-friendly Operating System. It's just choosy about who its friends are."
