On Saturday 26 May 2012 19:14, José Alberto Valle Cid wrote: > we are not signing the packages
Why not? Signing is the only way for your users to verify that the packages actually comes from you, and haven't been tampered with. I would not use any repo which didn't use signatures, and I suspect I'm not alone in this. -- Johnny A. Solbu PGP key ID: 0xFA687324
signature.asc
Description: This is a digitally signed message part.
