Scott Kitterman <deb...@kitterman.com> writes:
> Several times people have said they feel it's important to be able to verify
> from contents of the archive.

Hi all,

Please forgive my ignorance if this is stupid, or if it's already been discussed and I overlooked it. I'm not posing this as a suggestion, but rather as a way for me to help myself understand the technical aspects of this very interesting debate better.

Why could there not be specified new (complementary, not superseding!) formats of .dsc and .changes files wherein those files are not expected to be signed themselves, but instead are expected to refer to signed git tags?

When ftp-master sees this particular format, it could perform a shallow git clone of the required tag, verify it, and consider that as the source of the package. That source object in the archive is then verifiably from the signer, and requires no intermediate service (apart from the current problems of people changing keys etc.).

Obviously I'm missing something here, and I feel I'd learn something interesting if someone could explain.

Thanks, and sorry for the potential small distraction from the conversation.

-- 
Gard
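To make the proposal above concrete, here is an added sketch (not code from the thread, from dak, or from any Debian tool) of what an archive-side check for such a tag-referencing .dsc could do: parse the control file, shallow-clone exactly the named tag, verify the tag signature, and then confirm that the key that signed it is one the archive actually trusts. The "3.0 (git-tag)" Format value and the Git-Repository and Git-Tag fields are invented for this example; the tag naming convention (DEP-14 style "debian/<version>") is assumed; the gpg status text and commit id are constructed, and the `canned_runner` stand-in replaces subprocess.run so the block runs offline.

```python
"""Added example: archive-side verification of a hypothetical .dsc variant that
points at a signed git tag instead of carrying its own OpenPGP signature.
Nothing here is dak code; field names and format value are assumptions."""
import subprocess
from typing import Callable, Dict, Iterable, List

# Constructed sample control file. Git-Repository, Git-Tag and the Format
# value "3.0 (git-tag)" are hypothetical, not real Debian fields.
SAMPLE_DSC = """\
Format: 3.0 (git-tag)
Source: hello
Version: 2.10-3
Git-Repository: https://salsa.debian.org/debian/hello.git
Git-Tag: debian/2.10-3
"""

# Constructed gpg status lines, as `git verify-tag --raw` writes them to
# stderr. The last field of VALIDSIG is the primary key fingerprint.
SAMPLE_GPG_STATUS = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 0123456789ABCDEF Example Uploader <uploader@example.org>\n"
    "[GNUPG:] VALIDSIG 00112233445566778899AABBCCDDEEFF01234567 2024-01-01 "
    "1704067200 0 4 0 22 8 01 FEDCBA9876543210FEDCBA9876543210FEDCBA98\n"
)
SAMPLE_COMMIT = "3b18e512dba79e4c8300dd08aeb37f8e728b8dad"  # constructed

Runner = Callable[[List[str]], subprocess.CompletedProcess]


def parse_deb822(text: str) -> Dict[str, str]:
    """Parse one RFC822-style control paragraph; continuation lines are folded."""
    fields: Dict[str, str] = {}
    last = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t":
            if last is None:
                raise ValueError("continuation line before any field")
            fields[last] += "\n" + raw.strip()
            continue
        key, sep, value = raw.partition(":")
        if not sep:
            raise ValueError(f"malformed control line: {raw!r}")
        last = key.strip()
        fields[last] = value.strip()
    return fields


def expected_tag(version: str) -> str:
    """Tag the uploader must have signed for this Version (assumed DEP-14
    style: 'debian/<version>' with ':' -> '%' and '~' -> '_')."""
    return "debian/" + version.replace(":", "%").replace("~", "_")


def _real_runner(cmd: List[str]) -> subprocess.CompletedProcess:
    return subprocess.run(cmd, capture_output=True, text=True, check=False)


def verify_git_tag_source(fields: Dict[str, str], workdir: str,
                          trusted_fingerprints: Iterable[str],
                          run: Runner = _real_runner) -> str:
    """Clone only the named tag, verify its signature, check that the signing
    key is in the archive's trusted set, and return the commit the tag names.
    `git verify-tag` succeeding only means gpg found *some* key that verifies;
    binding the signer to the uploader keyring is the archive's job, hence the
    explicit fingerprint comparison."""
    if fields.get("Format") != "3.0 (git-tag)":
        raise ValueError("not a git-tag format .dsc")
    version, tag, repo = fields["Version"], fields["Git-Tag"], fields["Git-Repository"]
    if tag != expected_tag(version):
        raise ValueError(f"tag {tag!r} does not match Version {version!r}")
    clone = run(["git", "clone", "--depth", "1", "--branch", tag, "--", repo, workdir])
    if clone.returncode != 0:
        raise RuntimeError("clone failed: " + clone.stderr.strip())
    ver = run(["git", "-C", workdir, "verify-tag", "--raw", tag])
    if ver.returncode != 0:
        raise RuntimeError("tag signature invalid: " + ver.stderr.strip())
    primary = None
    for line in ver.stderr.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "[GNUPG:]" and parts[1] == "VALIDSIG":
            primary = parts[-1].upper()
    if primary is None:
        raise RuntimeError("no VALIDSIG status line from gpg")
    trusted = {f.replace(" ", "").upper() for f in trusted_fingerprints}
    if primary not in trusted:
        raise RuntimeError(f"tag signed by key {primary} not in trusted set")
    rev = run(["git", "-C", workdir, "rev-parse", "--verify", tag + "^{commit}"])
    if rev.returncode != 0:
        raise RuntimeError("cannot resolve tag to a commit")
    return rev.stdout.strip()


def canned_runner(gpg_status: str, commit: str, log: List[List[str]]) -> Runner:
    """Offline stand-in for subprocess.run: replies with constructed results
    and records each command in `log` so callers can inspect the sequence."""
    def run(cmd: List[str]) -> subprocess.CompletedProcess:
        log.append(cmd)
        sub = cmd[3] if cmd[1] == "-C" else cmd[1]
        if sub == "clone":
            return subprocess.CompletedProcess(cmd, 0, "", "")
        if sub == "verify-tag":
            rc = 0 if "VALIDSIG" in gpg_status else 1
            return subprocess.CompletedProcess(cmd, rc, "", gpg_status)
        if sub == "rev-parse":
            return subprocess.CompletedProcess(cmd, 0, commit + "\n", "")
        return subprocess.CompletedProcess(cmd, 1, "", "unexpected command")
    return run


if __name__ == "__main__":
    log: List[List[str]] = []
    runner = canned_runner(SAMPLE_GPG_STATUS, SAMPLE_COMMIT, log)
    fields = parse_deb822(SAMPLE_DSC)
    print(verify_git_tag_source(fields, "/tmp/hello-src", ["FEDCBA98 76543210 FEDCBA98 76543210 FEDCBA98"], run=runner))
    for cmd in log:
        print(" ".join(cmd))
```

Two points worth noticing in the flow: the tag name is checked against the Version field before anything is fetched, so an uploader cannot point a .dsc for version X at a tag they signed for version Y, and the fingerprint from the VALIDSIG status line is compared against an explicit trusted set rather than relying on gpg's exit status alone. What the signature actually covers is the tag object, which names a commit by its git object id; the archive therefore inherits whatever collision resistance that hash has.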