Anthony Towns <aj@azure.humbug.org.au> writes: > .deb signatures are aimed at giving users some sort of assurance the > package is "valid"; but when you actually look into it -- at least in > Debian's circumstances -- those signatures can't actually give any > meaningful assurance for any specific validity.
Don't they give the user the assurance that a Debian developer was responsible for building and providing the package? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
