On Fri, 25 Nov 2005 12:50:41 -0800, Thomas Bushnell BSG <[EMAIL PROTECTED]> wrote: >Goswin von Brederlow <[EMAIL PROTECTED]> writes: >> The archive signing key gives absolutely no integrity ensurance on the >> deb package. The only thing it insures is that the file was not >> altered _after_ leaving ftp.de.debian.org for the mirrors and/or >> user. In no way does it prevent altering the deb on ftp-master. > >Isn't that a useful assurance? Perhaps I trust the maintenance of >ftp-master, but not the maintenance of Joe Random Mirror.
So the natural reaction would be having _both_ signatures so that the individual user can choose whom to trust. Greetings Marc -- -------------------------------------- !! No courtesy copies, please !! ----- Marc Haber | " Questions are the | Mailadresse im Header Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/ Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
