Thread: Why is devel so dangerous?!
View Single Post
Jaffa's Avatar
Jaffa is offline Jaffa
2010-03-31 , 23:25
Posts: 2,535 | Thanked: 6,681 times | Joined on Mar 2008 @ UK
#43
Originally Posted by zimon View Post
That is one of the many reasons why DEB packages should be required to have embedded GPG signature of a packager, like RPM-packages. If the packager is the same as the developer, even better.
With Extras we know who uploaded it (not to the extent of a GPG signature, but at least to the extent of a username/password or SSH key) through the user of authenticated Extras Upload Assistant or scp/dput with pre-registered SSH key.

Not in the same league, of course, but almost certainly Good Enough (for now).
__________________
Andrew Flegg -- mailto:andrew@bleb.org | http://www.bleb.org
 

The Following User Says Thank You to Jaffa For This Useful Post: