On Mon, May 07, 2001 at 11:39:06AM +0200, Gerhard Kroder wrote: > Current "testing" contains a "debsig-verify" package. Is this different to > what you called "debsign"? debsign signs a package .dsc and .changes file to get it validatet by the UploadQueue. After that the end-user has only the possibility to check a signature of a source file as the changes file (which file list included the binary produced by the maintainer) is not put on the archive.
debsig-verify should in the future allow to verify a signature that the maintainer (or a build-daemon for e.g. sparc/alpha) has applied to the .deb itself thus giving the end-user the possibility to check binary packages, too. As far as I know there's no possibility to actually apply such a binary signature to a .deb yet. If I'm wrong please point me someone to the relevant docs :) by,e -christian-
