Package: reprepro Version: 1.3.1-1 Severity: wishlist i was wondering if it would be possible to include some sort of mechanism to verify gpg-signed .changes or .dsc files when using the include or includedsc commands.
i.e. reprepro include local foo_version_arch.changes would actually check the signature on the .changes file, and error out if the signature was invalid or not in the allowed keyring for that distribution. maybe it could be implemented similar to VerifyRelease for conf/updates, such as "VerifySignature" in conf/distributions: Codename: local Architectures: i386 source Components: main local SignWith: 4BF748F6 VerifySignature: 1DB114E0|4F368D5D|B5F5BBED|2D230C5F or possibly VerifySignatureFile to specify a gpg-keyring: VerifySignatureFile: keyring.gpg or VerifySignatureFile: /path/to/keyring.gpg this would make it much easier to implement a simple upload queue for reprepro. thanks for your work on reprepro! :) live well, vagrant -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
