If people really want to be able to verify package integrity we might as well go the whole way. Ian Jackson posted (1.5 years ago I think) a proposal that would secure the complete stage from building a package to distribution on the mirrors.
You might want to look that up in the list archives. Wichert. -- ============================================================================== This combination of bytes forms a message written to you by Wichert Akkerman. E-Mail: [EMAIL PROTECTED] WWW: http://www.wi.leidenuniv.nl/~wichert/
pgpFq7sZVNzcv.pgp
Description: PGP signature