I've been doing some research into the current state of GPG signing official apt sources.
I've found a few conversations on this mailing circa 2000-2001 about creating a Packages.gpg and a seperate update procedure for updating this file, and then verifying Packages.gz against it. I cannot find any information beyond this. What is the current status of this? Do we hope to have this implemented for Sarge? It would be a wonderful addition. It's something most other distro's have that we don't. Cheers. -- Jerry Haltom <[EMAIL PROTECTED]> Feedback Plus, Inc.
