On Mon, 17 Dec 2001, Simon Hill wrote: > so assuming that dpkg (and/or apt?) can > deal with embedded gpg signiatures in .deb > files, how do we get maintainers to start > using them?
We deploy the required infrastructure to make good use of signatures in the archive, test it, send email explaining how to sign packages to debian-devel-announce, and then get da-katie to refuse non-signed debs. It is better to wait for Wichert's python mass-signing script first. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh
