[Tbox-talk] GPG signatures
Status: Inactive
Brought to you by:
clameter
From: Timo S. <ts...@ik...> - 2002-10-27 20:31:01
|
How about adding full support for GPG signed packages? Every package and recipe file would be GPG signed by it's maintainer and by default nothing would be installed if the signature didn't match an existing known key. Preferrably also support GPG signatures for original source packages if they're found, like: S ftp://foo/bar.tar.gz ftp://foo/bar.tar.gz.asc The signature in .asc file would then be verified to be signed with a key which is signed by the upm maintainer. Other than that I like most of the design and ideas. |