Andreas Metzler wrote: > I still don't understand how you change the version number (or the > package-name) without breaking the signature.
Which signature? The Packages file is being modified, so of course the hain of trust back to the Release file signature can be used to catch tampering with it. However, the signature in a deb itself cannot help against this kind of attack. -- see shy jo
signature.asc
Description: Digital signature
