On 11/25/05, Matthew Palmer <[EMAIL PROTECTED]> wrote: > Of course, using the signature on the .changes to verify the .debs > independent from the archive at some later date is a nice side-benefit, but > one which suffers from the same key-lifetime issues as in-deb signatures,
What exactly is this key lifetime issue? Is it a cryptographic issue? > and since the .changes from autobuilt uploads aren't publically available > (apparently d-d-$arch-changes isn't archived, from info previously posted in > this thread) that method of package authentication isn't going to be 100% > reliable anyway.
