2008/12/17 Marc Espie <[email protected]>: > We think it's worse to sign packages than not to sign them if you don't have > a fairly strict process that ensures you have a correct chain of trust.
Agreed. PGP provides that, but I can understand that nobody wants GnuPG
in base. :-{
Best
Martin
