On 2014-09-21 20:04, Elmar Stellnberger wrote: > A package with some new signatures added is no more the old package. > It should have a different checksum and be made available again for update. > Perhaps someone wants to install the package not before certain signatures > have been added.
If a package would change by adding another signature, then this would invalidate previous signatures. Exactly because of your use case (waiting for a number of signatures or waiting for a specific signature before installation) the signature must be separated from the actual package. _______________________________________________ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds